
Windows Analysis Report
LisectAVT_2403002A_185.exe

Overview

General Information

Sample name: LisectAVT_2403002A_185.exe
Analysis ID: 1482448
MD5: e4561ad384f825254ddf8335308bbbcf
SHA1: 0379bbd4b8684caa337908286b870f5e38a58693
SHA256: 8506917c0d92df1de8f1f7e6883669a0190d9997532a653d085d51a4e2123d13
Tags: exe

Detection

RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Yara detected RisePro Stealer
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • LisectAVT_2403002A_185.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_185.exe" MD5: E4561AD384F825254DDF8335308BBBCF)
    • schtasks.exe (PID: 7472 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 7520 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • MPGPH131.exe (PID: 7572 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: E4561AD384F825254DDF8335308BBBCF)
  • MPGPH131.exe (PID: 7584 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: E4561AD384F825254DDF8335308BBBCF)
  • RageMP131.exe (PID: 7884 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: E4561AD384F825254DDF8335308BBBCF)
  • RageMP131.exe (PID: 8148 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: E4561AD384F825254DDF8335308BBBCF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe, ProcessId: 7284, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131
No Snort rule has matched

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
2024-07-25T23:07:58.426243+0200 | 2046269 | 49707 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:07:49.737468+0200 | 2049060 | 49706 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:07:52.722847+0200 | 2046269 | 49706 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:08:30.745853+0200 | 2022930 | 443 | 64440 | TCP | A Network Trojan was detected
2024-07-25T23:08:12.379153+0200 | 2046269 | 49712 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:08:04.317411+0200 | 2046269 | 49709 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:07:55.457201+0200 | 2049060 | 49708 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:07:58.426100+0200 | 2046269 | 49708 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:08:03.751669+0200 | 2022930 | 443 | 49710 | TCP | A Network Trojan was detected


AV Detection

Source: LisectAVT_2403002A_185.exe | Avira: detected
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Avira: detection malicious, Label: TR/Redcap.xyhrk
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Avira: detection malicious, Label: TR/Redcap.xyhrk
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Joe Sandbox ML: detected
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Joe Sandbox ML: detected
Source: LisectAVT_2403002A_185.exe | Joe Sandbox ML: detected
Source: LisectAVT_2403002A_185.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: global traffic | TCP traffic: 193.233.132.74 ports 0,5,7,8,58709,9
Source: global traffic | TCP traffic: 192.168.2.9:49706 -> 193.233.132.74:58709
Source: Joe Sandbox View | IP Address: 193.233.132.74
Source: Joe Sandbox View | ASN Name: FREE-NET-ASFREEnetEU
Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.132.74
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_0083E0A0 recv,setsockopt,WSAStartup,closesocket,socket,connect,closesocket
Source: LisectAVT_2403002A_185.exe, 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_185.exe, 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.winimage.com/zLibDll
Source: LisectAVT_2403002A_185.exe, 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_185.exe, 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.000000000138E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3789661923.0000000000DFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3789735499.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3790015018.0000000001478000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORT
Source: RageMP131.exe, 0000000A.00000002.3790015018.0000000001478000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTD
Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.000000000138E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTN

System Summary

Source: LisectAVT_2403002A_185.exe | Static PE information: section name:
Source: LisectAVT_2403002A_185.exe | Static PE information: section name: .idata
Source: LisectAVT_2403002A_185.exe | Static PE information: section name:
Source: RageMP131.exe.0.dr | Static PE information: section name:
Source: RageMP131.exe.0.dr | Static PE information: section name: .idata
Source: RageMP131.exe.0.dr | Static PE information: section name:
Source: MPGPH131.exe.0.dr | Static PE information: section name:
Source: MPGPH131.exe.0.dr | Static PE information: section name: .idata
Source: MPGPH131.exe.0.dr | Static PE information: section name:
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008A9880
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008950B0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00919824
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008291A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008973F0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_009084A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00902CE0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008224F0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_0090646A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008A55B0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008A6550
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00828D70
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_0090BEAF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00839F50
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00309824
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002850B0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00299880
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002191A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD1AE
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002873F0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002F646A
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002F84A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002F2CE0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002124F0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00218D70
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00296550
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002955B0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_002FBEAF
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_0030F771
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00229F50
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00309824
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002850B0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00299880
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002191A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_007AD1AE
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002873F0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002F646A
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002F84A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002F2CE0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002124F0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00218D70
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00296550
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002955B0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_002FBEAF
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_0030F771
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00229F50
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008C9880
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008B50B0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00939824
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008491A0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00DDD1AE
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008B73F0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_009284A0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00922CE0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008424F0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_0092646A
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008C55B0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008C6550
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00848D70
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00989680
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_0092BEAF
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00859F50
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008C9880
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008B50B0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_00939824
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008491A0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_00DDD1AE
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008B73F0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_009284A0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_00922CE0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008424F0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_0092646A
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008C55B0
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008C6550
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_00848D70
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_00989680
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_0092BEAF
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_00859F50
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: String function: 002EFED0 appears 52 times
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: String function: 0091FED0 appears 52 times
Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3792420626.00000000050D0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefilezilla.exe4 vs LisectAVT_2403002A_185.exe
Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamefilezilla.exe4 vs LisectAVT_2403002A_185.exe
Source: LisectAVT_2403002A_185.exe | Binary or memory string: OriginalFilenamefilezilla.exe4 vs LisectAVT_2403002A_185.exe
Source: LisectAVT_2403002A_185.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: LisectAVT_2403002A_185.exe | Static PE information: Section: ZLIB complexity 0.9993641774891775
Source: LisectAVT_2403002A_185.exe | Static PE information: Section: kcbbzddg ZLIB complexity 0.9894442103215768
Source: RageMP131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9993641774891775
Source: RageMP131.exe.0.dr | Static PE information: Section: kcbbzddg ZLIB complexity 0.9894442103215768
Source: MPGPH131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9993641774891775
Source: MPGPH131.exe.0.dr | Static PE information: Section: kcbbzddg ZLIB complexity 0.9894442103215768
Source: classification engine | Classification label: mal100.troj.evad.winEXE@11/5@0/1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File created: C:\Users\user\AppData\Local\RageMP131
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7480:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7528:120:WilError_03
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File created: C:\Users\user\AppData\Local\Temp\rage131MP.tmp
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Command line argument: nI1 | 6_2_003148C0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Command line argument: nI1 | 7_2_003148C0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: LisectAVT_2403002A_185.exe, 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_185.exe, 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: LisectAVT_2403002A_185.exe, 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_185.exe, 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: LisectAVT_2403002A_185.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: MPGPH131.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: MPGPH131.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: RageMP131.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: RageMP131.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File read: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe
Source: unknown | Process created: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe "C:\Users\user\Desktop\LisectAVT_2403002A_185.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Section loaded: devobj.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: apphelp.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winmm.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winmm.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dllJump to behavior
            Source: LisectAVT_2403002A_185.exeStatic file information: File size 2328582 > 1048576
            Source: LisectAVT_2403002A_185.exeStatic PE information: Raw size of kcbbzddg is bigger than: 0x100000 < 0x1a5c00

Data Obfuscation

Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Unpacked PE file: 0.2.LisectAVT_2403002A_185.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW; vs :ER;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW;
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Unpacked PE file: 6.2.MPGPH131.exe.210000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW; vs :ER;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW;
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Unpacked PE file: 7.2.MPGPH131.exe.210000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW; vs :ER;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW;
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Unpacked PE file: 8.2.RageMP131.exe.840000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW; vs :ER;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW;
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Unpacked PE file: 10.2.RageMP131.exe.840000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW; vs :ER;.rsrc:W;.idata :W; :EW;kcbbzddg:EW;ixbabcmr:EW;
Source: initial sample | Static PE information: section where entry point is pointing to: ixbabcmr
Source: RageMP131.exe.0.dr | Static PE information: real checksum: 0x2397e9 should be: 0x2397ef
Source: LisectAVT_2403002A_185.exe | Static PE information: real checksum: 0x2397e9 should be: 0x2397ef
Source: MPGPH131.exe.0.dr | Static PE information: real checksum: 0x2397e9 should be: 0x2397ef
Source: LisectAVT_2403002A_185.exe | Static PE information: section name:
Source: LisectAVT_2403002A_185.exe | Static PE information: section name: .idata
Source: LisectAVT_2403002A_185.exe | Static PE information: section name:
Source: LisectAVT_2403002A_185.exe | Static PE information: section name: kcbbzddg
Source: LisectAVT_2403002A_185.exe | Static PE information: section name: ixbabcmr
Source: RageMP131.exe.0.dr | Static PE information: section name:
Source: RageMP131.exe.0.dr | Static PE information: section name: .idata
Source: RageMP131.exe.0.dr | Static PE information: section name:
Source: RageMP131.exe.0.dr | Static PE information: section name: kcbbzddg
Source: RageMP131.exe.0.dr | Static PE information: section name: ixbabcmr
Source: MPGPH131.exe.0.dr | Static PE information: section name:
Source: MPGPH131.exe.0.dr | Static PE information: section name: .idata
Source: MPGPH131.exe.0.dr | Static PE information: section name:
Source: MPGPH131.exe.0.dr | Static PE information: section name: kcbbzddg
Source: MPGPH131.exe.0.dr | Static PE information: section name: ixbabcmr
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD000 push ebx; mov dword ptr [esp], 284FAD0Eh | 0_2_00DBD001
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD000 push edx; mov dword ptr [esp], eax | 0_2_00DBD04F
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD000 push 0BE3668Ah; mov dword ptr [esp], ecx | 0_2_00DBD08E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD000 push ebp; mov dword ptr [esp], ecx | 0_2_00DBD0B5
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD000 push eax; mov dword ptr [esp], 7FEFE69Fh | 0_2_00DBD0F0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD000 push esi; mov dword ptr [esp], ecx | 0_2_00DBD114
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD000 push 4252E962h; mov dword ptr [esp], ecx | 0_2_00DBD16A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD03C push edx; mov dword ptr [esp], eax | 0_2_00DBD04F
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD03C push 0BE3668Ah; mov dword ptr [esp], ecx | 0_2_00DBD08E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD03C push ebp; mov dword ptr [esp], ecx | 0_2_00DBD0B5
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD03C push eax; mov dword ptr [esp], 7FEFE69Fh | 0_2_00DBD0F0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD03C push esi; mov dword ptr [esp], ecx | 0_2_00DBD114
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD03C push 4252E962h; mov dword ptr [esp], ecx | 0_2_00DBD16A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push ecx; mov dword ptr [esp], 4FCF23DBh | 0_2_00DBD1AF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push edx; mov dword ptr [esp], esp | 0_2_00DBD1DA
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push ecx; mov dword ptr [esp], 7DBF004Bh | 0_2_00DBD1EB
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push edx; mov dword ptr [esp], 6FD36C89h | 0_2_00DBD214
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push 2588B968h; mov dword ptr [esp], edi | 0_2_00DBD24A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push eax; mov dword ptr [esp], ecx | 0_2_00DBD260
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push ecx; mov dword ptr [esp], ebx | 0_2_00DBD26E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push 0A2373CAh; mov dword ptr [esp], ebx | 0_2_00DBD2AF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00DBD1AE push 5E93CC81h; mov dword ptr [esp], eax | 0_2_00DBD36C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008FFA97 push ecx; ret | 0_2_008FFAAA
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD03C push edx; mov dword ptr [esp], eax | 6_2_007AD04F
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD03C push 0BE3668Ah; mov dword ptr [esp], ecx | 6_2_007AD08E
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD03C push ebp; mov dword ptr [esp], ecx | 6_2_007AD0B5
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD03C push eax; mov dword ptr [esp], 7FEFE69Fh | 6_2_007AD0F0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD03C push esi; mov dword ptr [esp], ecx | 6_2_007AD114
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD03C push 4252E962h; mov dword ptr [esp], ecx | 6_2_007AD16A
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD000 push ebx; mov dword ptr [esp], 284FAD0Eh | 6_2_007AD001
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_007AD000 push edx; mov dword ptr [esp], eax | 6_2_007AD04F
Source: LisectAVT_2403002A_185.exe | Static PE information: section name: entropy: 7.985397454316368
Source: LisectAVT_2403002A_185.exe | Static PE information: section name: kcbbzddg entropy: 7.949002544785609
Source: RageMP131.exe.0.dr | Static PE information: section name: entropy: 7.985397454316368
Source: RageMP131.exe.0.dr | Static PE information: section name: kcbbzddg entropy: 7.949002544785609
Source: MPGPH131.exe.0.dr | Static PE information: section name: entropy: 7.985397454316368
Source: MPGPH131.exe.0.dr | Static PE information: section name: kcbbzddg entropy: 7.949002544785609
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File created: C:\ProgramData\MPGPH131\MPGPH131.exe
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File created: C:\ProgramData\MPGPH131\MPGPH131.exe
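The indicators above (an unnamed section, random eight-character names, entropy of 7.95 and 7.99 in the kcbbzddg and unnamed sections, an entry point in ixbabcmr rather than .text, and a stored checksum of 0x2397e9 where the computed value is 0x2397ef) are static properties that can be verified without executing the sample. The script below is an added example written for this page, not part of the Joe Sandbox report or its engine: it parses the section table, measures per-section entropy, finds the section holding the entry point and recomputes the PE header checksum with the imagehlp algorithm. The 7.8 entropy cut-off is an assumed threshold, and the minimal PE it builds is constructed for the demonstration (it is not loadable and is not the analysed sample).

```python
import math
import random
import struct
from collections import Counter

# Names a normal linker emits; blank, unprintable or random names are the report's "special chars".
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".bss", ".tls", ".CRT"}
ENTROPY_THRESHOLD = 7.8  # assumed cut-off; packed or encrypted data sits near 8.0 bits/byte

def shannon_entropy(data: bytes) -> float:
    n = len(data) or 1  # bits per byte; 0 for an empty buffer
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_checksum(data: bytes, checksum_off: int) -> int:
    """imagehlp CheckSumMappedFile: 16-bit words summed with end-around carry,
    the CheckSum field itself skipped, plus the file length (the report's 'should be')."""
    length, total = len(data), 0
    padded = data + b"\0" * (length % 2)
    for off in range(0, len(padded), 2):
        if off in (checksum_off, checksum_off + 2):
            continue
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (((total + (total >> 16)) & 0xFFFF) + length) & 0xFFFFFFFF

def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header and section-table reader."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt, sections = coff + 20, []
    for i in range(nsections):
        name, vsize, rva, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "rva": rva,
                         "vsize": vsize, "raw": data[rawptr:rawptr + rawsize]})
    return {"entry_rva": struct.unpack_from("<I", data, opt + 16)[0],
            "stored_checksum": struct.unpack_from("<I", data, opt + 64)[0],
            "checksum_off": opt + 64, "sections": sections}  # CheckSum offset is the same in PE32 and PE32+

def triage(data: bytes) -> dict:
    """Reproduce the report's static packer indicators for one PE image."""
    pe = parse_pe(data)
    findings, entry_section = [], None
    for s in pe["sections"]:
        name = s["name"]
        if s["rva"] <= pe["entry_rva"] < s["rva"] + max(s["vsize"], len(s["raw"])):
            entry_section = name
        if not name or not name.isprintable():
            findings.append(f"blank or unprintable section name at RVA 0x{s['rva']:x}")
        elif name not in STANDARD_SECTIONS:
            findings.append(f"non-standard section name: {name}")
        ent = shannon_entropy(s["raw"])
        if ent >= ENTROPY_THRESHOLD:
            findings.append(f"section name: {name} entropy: {ent:.3f}")
    if entry_section != ".text":
        findings.append(f"entry point lies outside standard sections: {entry_section}")
    real = pe_checksum(data, pe["checksum_off"])
    if pe["stored_checksum"] != real:
        findings.append(f"real checksum: 0x{pe['stored_checksum']:x} should be: 0x{real:x}")
    return {"entry_section": entry_section, "findings": findings}

def build_demo_pe(sections, entry_index: int) -> bytes:
    """Constructed minimal PE32 from (name, raw bytes) pairs: demo input only,
    not loadable and not derived from the analysed sample."""
    first_raw = -(-(0x40 + 4 + 20 + 224 + 40 * len(sections)) // 0x200) * 0x200
    ptr, rva, entry_rva, headers, bodies = first_raw, 0x1000, 0, b"", []
    for i, (name, raw) in enumerate(sections):
        rawsize = -(-len(raw) // 0x200) * 0x200  # file alignment 0x200
        entry_rva = rva if i == entry_index else entry_rva
        headers += struct.pack("<8sIIIIIIHHI", name.encode("latin-1"), len(raw),
                               rva, rawsize, ptr, 0, 0, 0, 0, 0x60000020)
        bodies.append(raw + b"\0" * (rawsize - len(raw)))
        ptr, rva = ptr + rawsize, rva + -(-rawsize // 0x1000) * 0x1000  # section alignment 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt_fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6
    opt = struct.pack(opt_fmt, 0x10B, 14, 0, 0, 0, 0, entry_rva, 0x1000, 0x1000,
                      0x400000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, rva, first_raw, 0,
                      2, 0x8160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    image = bytearray(dos + b"PE\0\0" + coff + opt + headers)
    image += b"\0" * (first_raw - len(image)) + b"".join(bodies)
    off = 0x40 + 24 + 64  # CheckSum field: optional header + 64
    struct.pack_into("<I", image, off, pe_checksum(bytes(image), off))
    return bytes(image)

DEMO_SECTIONS = [  # constructed: low-entropy code, a blank name, a packed-looking blob
    (".text", b"\x90" * 200 + b"\xc3"),
    ("", b"\0" * 64),
    ("kcbbzddg", random.Random(1337).randbytes(8192)),
]

def demo() -> dict:
    """Triage a clean build and a copy edited after the checksum was written."""
    clean = build_demo_pe(DEMO_SECTIONS, entry_index=2)
    tampered = bytearray(clean)
    tampered[-1] ^= 0xFF  # any post-link edit invalidates the stored checksum
    return {"clean": triage(clean), "tampered": triage(bytes(tampered))}
```

Run it with Python 3.9 or later (randbytes); on a real file call triage(open(path, "rb").read()) instead of demo(). A mismatching checksum on its own proves little, since many build chains leave CheckSum at zero, but together with near-8.0 entropy and an entry point in a non-standard section it is the packed-executable profile the evidence above describes.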

Boot Survival

Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: FilemonClass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: RegmonClass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: FilemonClass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: Regmonclass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: Filemonclass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: Regmonclass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: FilemonClass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: RegmonClass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: FilemonClass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: Regmonclass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: Filemonclass
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131
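Taken together, the two schtasks calls and the Run value are the persistence mechanism: an hourly task and an ONLOGON task both launching C:\ProgramData\MPGPH131\MPGPH131.exe with /rl HIGHEST and /f, plus an HKCU Run value named RageMP131. The hunting logic below is an added example, not part of the Joe Sandbox report. It runs over a handful of constructed process-creation and registry-set records modelled on the evidence above (Sysmon-style field names are assumed; the RageMP131 value data is assumed to be the dropped RageMP131.exe path, which the report shows only as a value name), and the rule that persistence pointing into ProgramData or a user's AppData is suspicious is an assumed detection policy.

```python
import re
import shlex
from typing import Optional

# A standard user can write here without elevation, so persistence that points
# into these directories is unusual for installed software (assumed policy).
USER_WRITABLE = re.compile(
    r"^(?:[a-z]:\\programdata\\|[a-z]:\\users\\[^\\]+\\appdata\\)", re.I)
RUN_KEYS = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\", re.I)

# Constructed records modelled on the report's evidence. Sysmon-style field names
# are assumed; the RageMP131 value data is assumed (the report shows only the name).
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "image": r"C:\Windows\SysWOW64\schtasks.exe",
     "cmdline": r'schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST'},
    {"type": "ProcessCreate", "image": r"C:\Windows\SysWOW64\schtasks.exe",
     "cmdline": r'schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST'},
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /tn "Vendor Update" /tr "C:\Program Files\Vendor\update.exe" /sc DAILY /st 03:00'},
    {"type": "RegistrySet", "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131",
     "details": r"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"},
    {"type": "RegistrySet", "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
]

def parse_schtasks(cmdline: str) -> Optional[dict]:
    """Return {option: value} for a 'schtasks /create' command line, else None.
    posix=False keeps Windows backslashes literal and quoted arguments whole."""
    try:
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:
        return None
    if not tokens:
        return None
    exe = tokens[0].lower().rsplit("\\", 1)[-1]
    if exe not in ("schtasks", "schtasks.exe"):
        return None
    if "/create" not in [t.lower() for t in tokens[1:]]:
        return None
    opts, i = {}, 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            key = tok[1:].lower()
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("/"):
                opts[key] = tokens[i + 1]  # option that takes an argument
                i += 2
                continue
            opts[key] = True               # bare flag such as /f
        i += 1
    return opts

def assess_task(opts: dict) -> list:
    """Reasons a created task looks like malware persistence; [] if benign."""
    target = opts.get("tr", "")
    if not isinstance(target, str) or not USER_WRITABLE.match(target):
        return []  # the path indicator is required; the rest is routine for admin tooling
    reasons = [f"task runs {target} from a user-writable directory"]
    if str(opts.get("rl", "")).upper() == "HIGHEST":
        reasons.append("requests /rl HIGHEST")
    sched = str(opts.get("sc", "")).upper()
    if sched in ("ONLOGON", "ONSTART", "MINUTE", "HOURLY"):
        reasons.append(f"re-executes on schedule {sched}")
    if opts.get("f") is True:
        reasons.append("/f replaces any existing task with the same /tn")
    return reasons

def assess_run_value(key_path: str, data: str) -> list:
    """Flag Run/RunOnce values whose command sits in a user-writable directory."""
    name = key_path.rsplit("\\", 1)[-1]
    if RUN_KEYS.search(key_path) and USER_WRITABLE.match(data.strip('"')):
        return [f"Run value {name} launches {data} from a user-writable directory"]
    return []

def hunt(events: list) -> list:
    """Return [(event index, [reasons])] for events that indicate persistence."""
    alerts = []
    for idx, ev in enumerate(events):
        reasons = []
        if ev["type"] == "ProcessCreate":
            opts = parse_schtasks(ev["cmdline"])
            if opts:
                reasons = assess_task(opts)
        elif ev["type"] == "RegistrySet":
            reasons = assess_run_value(ev["target"], ev["details"])
        if reasons:
            alerts.append((idx, reasons))
    return alerts

if __name__ == "__main__":
    for idx, reasons in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: " + "; ".join(reasons))
```

The path rule is what keeps the benign DAILY task and the OneDrive Run value out of the alerts; /rl HIGHEST, /f and an ONLOGON or HOURLY schedule are common in legitimate administration and only add weight once the target lives somewhere an unprivileged user could have written it.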

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Evasive API call chain: GetPEB, DecisionNodes, Sleep | graph_0-18934
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Evasive API call chain: GetPEB, DecisionNodes, Sleep | graph_6-18835
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Evasive API call chain: GetPEB, DecisionNodes, Sleep | graph_8-19142
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: 95FFFB second address: 960008 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE27B4 second address: AE27D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74ACBF05E9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE27D3 second address: AE27D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE27D7 second address: AE2823 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E3h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F74ACBF05E6h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F74ACBF05E9h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1771 second address: AE1776 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1776 second address: AE1780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1780 second address: AE178D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F74AD0D7CD2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1D4D second address: AE1D68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E1h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1D68 second address: AE1D70 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1D70 second address: AE1D7A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F74ACBF05E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1D7A second address: AE1D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1D80 second address: AE1DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F74ACBF05E2h 0x0000000a jmp 00007F74ACBF05DCh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F74ACBF05D6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE1DA3 second address: AE1DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: ADB935 second address: ADB956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F74ACBF05E6h 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE5F17 second address: AE5F21 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F74AD0D7CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE5FA3 second address: AE5FA9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE5FA9 second address: AE5FAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE605D second address: AE6084 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d jnp 00007F74ACBF05D6h 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE6084 second address: AE6088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE6088 second address: AE608C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE61ED second address: AE61FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F74AD0D7CC8h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE61FE second address: AE620F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE620F second address: AE623F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pop eax 0x0000000b mov dword ptr [ebp+122D1EECh], edi 0x00000011 lea ebx, dword ptr [ebp+12459E77h] 0x00000017 sub di, D10Eh 0x0000001c push eax 0x0000001d push esi 0x0000001e jnp 00007F74AD0D7CCCh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE62C1 second address: AE633B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jne 00007F74ACBF05E4h 0x00000010 pushad 0x00000011 jc 00007F74ACBF05D6h 0x00000017 ja 00007F74ACBF05D6h 0x0000001d popad 0x0000001e mov eax, dword ptr [esp+04h] 0x00000022 jmp 00007F74ACBF05E9h 0x00000027 mov eax, dword ptr [eax] 0x00000029 pushad 0x0000002a jp 00007F74ACBF05E6h 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F74ACBF05E0h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE633B second address: AE63A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push edi 0x0000000c jnl 00007F74AD0D7CC8h 0x00000012 pop edi 0x00000013 pop eax 0x00000014 jng 00007F74AD0D7CD2h 0x0000001a push 00000003h 0x0000001c jne 00007F74AD0D7CCCh 0x00000022 adc esi, 7CC70656h 0x00000028 adc di, FFE3h 0x0000002d push 00000000h 0x0000002f mov esi, 1E38E814h 0x00000034 push 00000003h 0x00000036 call 00007F74AD0D7CD9h 0x0000003b pop esi 0x0000003c push 4842F373h 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AE63A3 second address: AE63AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F74ACBF05D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AF6D8A second address: AF6D91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: AF6D91 second address: AF6DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F74ACBF05E5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: B04683 second address: B04689 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: B04689 second address: B0468F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: B04BB1 second address: B04BB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: B04D0C second address: B04D30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F74ACBF05E7h 0x0000000e popad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: B0512D second address: B0514D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F74AD0D7CD6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: B0514D second address: B0515D instructions: 0x00000000 rdtsc 0x00000002 js 00007F74ACBF05D6h 0x00000008 jnp 00007F74ACBF05D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | RDTSC instruction interceptor: First address: B0515D second address: B05162 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05162 second address: B05184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F74ACBF05D6h 0x0000000a jmp 00007F74ACBF05E3h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05616 second address: B0561A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B0561A second address: B0561E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05758 second address: B0575E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B0575E second address: B05762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05762 second address: B05766 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05766 second address: B05772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F74ACBF05D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05772 second address: B05777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05777 second address: B057A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F74ACBF05DCh 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F74ACBF05DCh 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d popad 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05D34 second address: B05D3A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05D3A second address: B05D56 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jbe 00007F74ACBF05D6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007F74ACBF05D6h 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05D56 second address: B05D5E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B05D5E second address: B05D63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B06087 second address: B06091 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B06091 second address: B060A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F74ACBF05DDh 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B060A9 second address: B060CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD3h 0x00000007 jmp 00007F74AD0D7CCFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B06238 second address: B0623C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B0623C second address: B06242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B06242 second address: B06248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B06248 second address: B0625D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74AD0D7CD1h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AFAEA3 second address: AFAEB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jo 00007F74ACBF05D6h 0x0000000b jmp 00007F74ACBF05DAh 0x00000010 pop edi 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC9283 second address: AC9287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC9287 second address: AC9299 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b jnl 00007F74ACBF05D6h 0x00000011 pop ebx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC9299 second address: AC92AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CCEh 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC92AC second address: AC92CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F74ACBF05DEh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC92CA second address: AC92D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC92D3 second address: AC92D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC92D7 second address: AC92DD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC92DD second address: AC92E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: AC92E3 second address: AC92E8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B0B89E second address: B0B8BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74ACBF05E9h 0x00000009 popad 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B116B6 second address: B116CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007F74AD0D7CD1h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B11857 second address: B1185C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B11D10 second address: B11D2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B12989 second address: B1298E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1298E second address: B12998 instructions: 0x00000000 rdtsc 0x00000002 je 00007F74AD0D7CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B12998 second address: B129C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F74ACBF05DCh 0x0000000e pop edx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 jns 00007F74ACBF05DCh 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B12C53 second address: B12C5D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F74AD0D7CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B13044 second address: B1305E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74ACBF05E6h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B134DB second address: B1350E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F74AD0D7CC6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebx 0x00000011 mov edi, dword ptr [ebp+122D1EABh] 0x00000017 mov dword ptr [ebp+122D3349h], esi 0x0000001d nop 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F74AD0D7CD3h 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1377D second address: B13788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B13788 second address: B1378E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1378E second address: B13793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B13793 second address: B13799 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B13799 second address: B1379D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B139C7 second address: B139CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B139CB second address: B139D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B139D1 second address: B139DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F74AD0D7CC6h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B139DB second address: B139DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B139DF second address: B139FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F74AD0D7CD3h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B14014 second address: B14034 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F74ACBF05E4h 0x00000010 pushad 0x00000011 jc 00007F74ACBF05D6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B16B64 second address: B16B73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jc 00007F74AD0D7CCEh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B16B73 second address: B16B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B16B77 second address: B16BB1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F74AD0D7CD0h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007F74AD0D7CC6h 0x00000016 jmp 00007F74AD0D7CD9h 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: ACE3F7 second address: ACE3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B171B1 second address: B171B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B171B7 second address: B171BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B17CF6 second address: B17D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push edx 0x0000000c or dword ptr [ebp+12452F22h], esi 0x00000012 pop esi 0x00000013 push 00000000h 0x00000015 mov esi, 5471F417h 0x0000001a push 00000000h 0x0000001c sub dword ptr [ebp+122D1986h], esi 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 ja 00007F74AD0D7CC8h 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B17A77 second address: B17A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B17D25 second address: B17D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F74AD0D7CC6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B17A7B second address: B17A8C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F74ACBF05D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B17A8C second address: B17A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1855D second address: B18580 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnc 00007F74ACBF05F1h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B193B3 second address: B193BD instructions: 0x00000000 rdtsc 0x00000002 js 00007F74AD0D7CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1A969 second address: B1A96E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1A96E second address: B1A9DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F74AD0D7CC8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 mov edi, 34F9BDA5h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F74AD0D7CC8h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 0000001Bh 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 push 00000000h 0x00000049 xchg eax, ebx 0x0000004a push edi 0x0000004b jmp 00007F74AD0D7CD0h 0x00000050 pop edi 0x00000051 push eax 0x00000052 pushad 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1A9DA second address: B1A9E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1FA3D second address: B1FA41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1FA41 second address: B1FA47 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1FA47 second address: B1FA81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, dword ptr [ebp+12469855h] 0x00000012 mov ebx, 027B41ACh 0x00000017 push 00000000h 0x00000019 mov ebx, dword ptr [ebp+122D3708h] 0x0000001f push 00000000h 0x00000021 mov bx, D6AAh 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push ebx 0x00000029 push eax 0x0000002a pop eax 0x0000002b pop ebx 0x0000002c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1FA81 second address: B1FA8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F74ACBF05D6h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1FA8B second address: B1FA8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B219EA second address: B219EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B20CDC second address: B20CE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B20DA4 second address: B20DA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B20DA8 second address: B20DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B22B52 second address: B22B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B22B5F second address: B22B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B22B63 second address: B22B69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B23AED second address: B23AF2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B22D19 second address: B22D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B23AF2 second address: B23B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 adc bx, 7E63h 0x0000000d push 00000000h 0x0000000f jo 00007F74AD0D7CCCh 0x00000015 xor dword ptr [ebp+122D2006h], eax 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007F74AD0D7CC8h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 mov dword ptr [ebp+122D297Ah], edx 0x0000003d xchg eax, esi 0x0000003e push eax 0x0000003f push edx 0x00000040 je 00007F74AD0D7CC8h 0x00000046 push ecx 0x00000047 pop ecx 0x00000048 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B22D22 second address: B22D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B23B3F second address: B23B50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74AD0D7CCDh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B25BD2 second address: B25BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F74ACBF05D6h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B5C0DF second address: B5C0E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B5C0E7 second address: B5C0EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B5BDDD second address: B5BDE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B5E0A8 second address: B5E0B2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F74ACBF05D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6324F second address: B63265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74AD0D7CD0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B63524 second address: B63539 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F74ACBF05DFh 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B63539 second address: B6353D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6353D second address: B63555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F74ACBF05D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F74ACBF05D8h 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B63555 second address: B6355A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6355A second address: B63562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B63817 second address: B6381B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6381B second address: B6382D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F74ACBF05D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6382D second address: B63831 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B63B16 second address: B63B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6472A second address: B64747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74AD0D7CD9h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B64747 second address: B64776 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F74ACBF05EAh 0x0000000c pushad 0x0000000d jns 00007F74ACBF05D6h 0x00000013 jbe 00007F74ACBF05D6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B69387 second address: B6939A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 jnp 00007F74AD0D7CD0h 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6868D second address: B68695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B68695 second address: B68699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B68699 second address: B686A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B686A5 second address: B686B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74AD0D7CCBh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B68AA2 second address: B68AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6C26F second address: B6C275 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6C275 second address: B6C28D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 jno 00007F74ACBF05DCh 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6C28D second address: B6C2C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F74AD0D7CD4h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6BA16 second address: B6BA1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6BA1A second address: B6BA38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F74AD0D7CD3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push esi 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6BA38 second address: B6BA3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6FA52 second address: B6FA65 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007F74AD0D7CC6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6FA65 second address: B6FA7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F74ACBF05D6h 0x0000000a jmp 00007F74ACBF05DEh 0x0000000f popad 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B6FFE8 second address: B6FFEF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B77481 second address: B7749A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F74ACBF05D6h 0x0000000a jmp 00007F74ACBF05DDh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B75450 second address: B75456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B75456 second address: B7545A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7545A second address: B7546F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B759E5 second address: B759EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B759EF second address: B75A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F74AD0D7CC8h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B76231 second address: B76236 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B76B4F second address: B76B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B76B53 second address: B76B59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B76B59 second address: B76B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F74AD0D7CCEh 0x00000010 push eax 0x00000011 pop eax 0x00000012 jc 00007F74AD0D7CC6h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B76B75 second address: B76B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74ACBF05DAh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B76B83 second address: B76BD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CCCh 0x00000007 jmp 00007F74AD0D7CD6h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F74AD0D7CD7h 0x00000016 push ebx 0x00000017 jmp 00007F74AD0D7CCBh 0x0000001c push edx 0x0000001d pop edx 0x0000001e pop ebx 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7B168 second address: B7B16E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7B16E second address: B7B172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A47F second address: B7A483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A483 second address: B7A489 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A489 second address: B7A493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A493 second address: B7A497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A497 second address: B7A49B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A49B second address: B7A4A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F74AD0D7CC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A5EB second address: B7A5EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A5EF second address: B7A5F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A5F3 second address: B7A602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F74ACBF05D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A602 second address: B7A60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A60F second address: B7A615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7A615 second address: B7A633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F74AD0D7CD9h 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7ABC1 second address: B7ABF4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F74ACBF05D6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F74ACBF05E1h 0x00000013 jmp 00007F74ACBF05DAh 0x00000018 push eax 0x00000019 push edx 0x0000001a jp 00007F74ACBF05D6h 0x00000020 push esi 0x00000021 pop esi 0x00000022 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7AEBC second address: B7AEC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7AEC0 second address: B7AECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F74ACBF05D6h 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B7AECE second address: B7AED2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B88BCB second address: B88BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B86EB4 second address: B86EB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B86EB8 second address: B86EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B86EC0 second address: B86EC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B871B0 second address: B871B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B87329 second address: B8732D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8732D second address: B87333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B87333 second address: B87343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F74AD0D7CC6h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8775C second address: B87767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F74ACBF05D6h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B87A79 second address: B87A80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B87BC8 second address: B87C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74ACBF05DDh 0x00000009 jmp 00007F74ACBF05DFh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007F74ACBF05DEh 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F74ACBF05E7h 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B87C12 second address: B87C18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B88A4F second address: B88A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8696C second address: B86976 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F74AD0D7CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8E3E5 second address: B8E3FB instructions: 0x00000000 rdtsc 0x00000002 jg 00007F74ACBF05DEh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: ACFE26 second address: ACFE2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: ACFE2C second address: ACFE30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: ACFE30 second address: ACFE3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8DD89 second address: B8DDA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jl 00007F74ACBF05E1h 0x0000000b jmp 00007F74ACBF05DBh 0x00000010 jo 00007F74ACBF05DCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8DECD second address: B8DED7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F74AD0D7CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8DED7 second address: B8DEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007F74ACBF05D6h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8DEE8 second address: B8DF05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F74AD0D7CCDh 0x0000000f jg 00007F74AD0D7CC6h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8DF05 second address: B8DF09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8E077 second address: B8E099 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F74AD0D7CD9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B8E099 second address: B8E0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F74ACBF05E2h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B9BBA5 second address: B9BBB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F74AD0D7CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B9BBB1 second address: B9BBB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B9BBB6 second address: B9BBCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F74AD0D7CC6h 0x0000000a jmp 00007F74AD0D7CCCh 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: BA40CC second address: BA4103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F74ACBF05E9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F74ACBF05D6h 0x00000013 jmp 00007F74ACBF05E0h 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320C78 second address: 5320C7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320C7C second address: 5320CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov ah, ADh 0x0000000e push edi 0x0000000f mov ah, 05h 0x00000011 pop edx 0x00000012 popad 0x00000013 and dword ptr [eax], 00000000h 0x00000016 jmp 00007F74ACBF05E8h 0x0000001b and dword ptr [eax+04h], 00000000h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320CB4 second address: 5320CBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320CBA second address: 5320CC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74ACBF05DBh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320CC9 second address: 5320CF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov esi, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320CF0 second address: 5320CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320CF5 second address: 5320CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320CFB second address: 5320CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F0A54 second address: 52F0A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F74AD0D7CCFh 0x00000008 pop ecx 0x00000009 mov ebx, 3CD988ECh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], ebp 0x00000014 jmp 00007F74AD0D7CCBh 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F74AD0D7CD0h 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F0A93 second address: 52F0A97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F0A97 second address: 52F0A9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320FA5 second address: 5320FCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F74ACBF05DBh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52D0856 second address: 52D0876 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 movsx edi, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F74AD0D7CCDh 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52D0876 second address: 52D087C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52D087C second address: 52D08AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F74AD0D7CD7h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52D08AD second address: 52D08D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52D08D1 second address: 52D08D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52D08D7 second address: 52D08DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, dx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330C19 second address: 5330C5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F74AD0D7CD6h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F74AD0D7CD7h 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330C5A second address: 5330CCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F74ACBF05DFh 0x00000008 call 00007F74ACBF05E8h 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esp 0x00000012 pushad 0x00000013 call 00007F74ACBF05DCh 0x00000018 mov edi, esi 0x0000001a pop ecx 0x0000001b mov si, di 0x0000001e popad 0x0000001f mov dword ptr [esp], ecx 0x00000022 jmp 00007F74ACBF05E9h 0x00000027 mov eax, dword ptr [775F65FCh] 0x0000002c pushad 0x0000002d mov edi, eax 0x0000002f movzx ecx, dx 0x00000032 popad 0x00000033 test eax, eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330CCD second address: 5330CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330CD1 second address: 5330CED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330CED second address: 5330CF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330CF3 second address: 5330CF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330CF7 second address: 5330D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F751F31A92Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330D0B second address: 5330D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330D0F second address: 5330D15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330D15 second address: 5330D1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5330D1B second address: 5330D1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53300A7 second address: 53300AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53300AD second address: 53300B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53300B1 second address: 53300B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F00C5 second address: 52F00EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 movsx edx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and esp, FFFFFFF8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F74AD0D7CD8h 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F00EF second address: 52F00FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F00FE second address: 52F0196 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F74AD0D7CCEh 0x0000000f push eax 0x00000010 jmp 00007F74AD0D7CCBh 0x00000015 xchg eax, ecx 0x00000016 pushad 0x00000017 mov ax, dx 0x0000001a popad 0x0000001b push edx 0x0000001c jmp 00007F74AD0D7CCAh 0x00000021 mov dword ptr [esp], ebx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F74AD0D7CCEh 0x0000002b adc eax, 71B69EF8h 0x00000031 jmp 00007F74AD0D7CCBh 0x00000036 popfd 0x00000037 jmp 00007F74AD0D7CD8h 0x0000003c popad 0x0000003d mov ebx, dword ptr [ebp+10h] 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F74AD0D7CCAh 0x00000049 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F0196 second address: 52F019C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F019C second address: 52F0204 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 pushfd 0x00000007 jmp 00007F74AD0D7CD9h 0x0000000c adc ax, DFA6h 0x00000011 jmp 00007F74AD0D7CD1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F74AD0D7CCCh 0x00000022 add esi, 5212DD48h 0x00000028 jmp 00007F74AD0D7CCBh 0x0000002d popfd 0x0000002e push ecx 0x0000002f pop esi 0x00000030 popad 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 mov eax, ebx 0x00000037 movsx edx, si 0x0000003a popad 0x0000003b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F0204 second address: 52F021F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, 493A7116h 0x00000012 mov dl, 88h 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F021F second address: 52F0247 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ah, bh 0x00000011 mov al, CBh 0x00000013 popad 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F0247 second address: 52F02B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F74ACBF05DCh 0x00000009 sbb ch, FFFFFF98h 0x0000000c jmp 00007F74ACBF05DBh 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebp 0x00000016 jmp 00007F74ACBF05E2h 0x0000001b mov dword ptr [esp], edi 0x0000001e jmp 00007F74ACBF05E0h 0x00000023 test esi, esi 0x00000025 pushad 0x00000026 mov cx, 857Dh 0x0000002a popad 0x0000002b je 00007F751EE6E954h 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F74ACBF05E1h 0x0000003a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F02B2 second address: 52F02B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F02B8 second address: 52F034B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F74ACBF05DAh 0x00000009 sub ch, FFFFFFB8h 0x0000000c jmp 00007F74ACBF05DBh 0x00000011 popfd 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001e jmp 00007F74ACBF05E4h 0x00000023 je 00007F751EE6E90Ch 0x00000029 pushad 0x0000002a movzx eax, bx 0x0000002d mov bh, ADh 0x0000002f popad 0x00000030 mov edx, dword ptr [esi+44h] 0x00000033 pushad 0x00000034 pushfd 0x00000035 jmp 00007F74ACBF05E0h 0x0000003a xor ecx, 4E083B78h 0x00000040 jmp 00007F74ACBF05DBh 0x00000045 popfd 0x00000046 pushad 0x00000047 push ecx 0x00000048 pop ebx 0x00000049 mov eax, 788931C1h 0x0000004e popad 0x0000004f popad 0x00000050 or edx, dword ptr [ebp+0Ch] 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F74ACBF05E3h 0x0000005a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F034B second address: 52F039C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f jmp 00007F74AD0D7CCEh 0x00000014 jne 00007F751F355FD2h 0x0000001a jmp 00007F74AD0D7CD0h 0x0000001f test byte ptr [esi+48h], 00000001h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F039C second address: 52F03A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F03A0 second address: 52F03BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F03BD second address: 52F03CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74ACBF05DCh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F03CD second address: 52F03E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F751F355F92h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F74AD0D7CCAh 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 52F03E7 second address: 52F03FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test bl, 00000007h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53000A4 second address: 53000BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74AD0D7CD4h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53000BC second address: 53000C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53000C0 second address: 53000D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F74AD0D7CCAh 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53000D7 second address: 53000DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53000DD second address: 5300117 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F74AD0D7CCCh 0x00000013 or ax, B298h 0x00000018 jmp 00007F74AD0D7CCBh 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 mov eax, 45EB8CE5h 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 530024D second address: 5300253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5300253 second address: 5300257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5300371 second address: 5300382 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53003B8 second address: 53003C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74AD0D7CCCh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53003C8 second address: 53003CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53003CC second address: 53003DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53003DB second address: 53003DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53003DF second address: 53003F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74AD0D7CD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53003F7 second address: 5300409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F74ACBF05DEh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5300409 second address: 530040D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 530040D second address: 5300423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esp, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F74ACBF05DAh 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5300423 second address: 5300452 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F74AD0D7CD1h 0x00000009 adc esi, 29652666h 0x0000000f jmp 00007F74AD0D7CD1h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5300452 second address: 5300462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop ebp 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b mov eax, 3D64698Fh 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 536180E second address: 5361812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 53618DF second address: 536180E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F74ACBF05E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c lea eax, dword ptr [ebp-10h] 0x0000000f push eax 0x00000010 call ebx 0x00000012 mov edi, edi 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B15581 second address: B15586 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B15726 second address: B1572A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1572A second address: B1574A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a jmp 00007F74AD0D7CD1h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: B1574A second address: B1574E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320899 second address: 5320906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 mov ah, E6h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov dx, F144h 0x00000011 pushfd 0x00000012 jmp 00007F74AD0D7CCDh 0x00000017 sbb cl, FFFFFF86h 0x0000001a jmp 00007F74AD0D7CD1h 0x0000001f popfd 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov eax, edi 0x00000028 pushfd 0x00000029 jmp 00007F74AD0D7CCFh 0x0000002e sbb eax, 05CD99BEh 0x00000034 jmp 00007F74AD0D7CD9h 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeRDTSC instruction interceptor: First address: 5320906 second address: 532090C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeSpecial instruction interceptor: First address: 95F88D instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exeSpecial instruction interceptor: First address: B93D1F instructions caused by: Self-modifying code
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSpecial instruction interceptor: First address: 34F88D instructions caused by: Self-modifying code
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSpecial instruction interceptor: First address: 583D1F instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSpecial instruction interceptor: First address: 97F88D instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSpecial instruction interceptor: First address: BB3D1F instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_05370822 rdtsc | 0_2_05370822
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window / User API: threadDelayed 972
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window / User API: threadDelayed 983
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Window / User API: threadDelayed 1107
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 1222
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 1137
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 746
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 1128
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 1135
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 762
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1121
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 951
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1088
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1171
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1129
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7364 | Thread sleep count: 34 > 30
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7364 | Thread sleep time: -68034s >= -30000s
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7340 | Thread sleep count: 972 > 30
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7340 | Thread sleep time: -1944972s >= -30000s
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7356 | Thread sleep count: 983 > 30
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7356 | Thread sleep time: -1966983s >= -30000s
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7288 | Thread sleep count: 105 > 30
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7288 | Thread sleep count: 243 > 30
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7568 | Thread sleep count: 245 > 30
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7348 | Thread sleep count: 1107 > 30
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe TID: 7348 | Thread sleep time: -2215107s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7640 | Thread sleep count: 85 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7640 | Thread sleep time: -170085s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7632 | Thread sleep count: 107 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7632 | Thread sleep time: -214107s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7576 | Thread sleep count: 100 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7576 | Thread sleep count: 1222 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7576 | Thread sleep time: -123422s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7860 | Thread sleep count: 1137 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7860 | Thread sleep count: 746 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7860 | Thread sleep time: -74600s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7612 | Thread sleep count: 106 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7612 | Thread sleep time: -212106s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7624 | Thread sleep count: 116 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7624 | Thread sleep time: -232116s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7732 | Thread sleep count: 78 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7732 | Thread sleep time: -156078s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7724 | Thread sleep count: 120 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7724 | Thread sleep time: -240120s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7588 | Thread sleep count: 91 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7720 | Thread sleep count: 114 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7720 | Thread sleep time: -228114s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7712 | Thread sleep count: 117 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7712 | Thread sleep time: -234117s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7588 | Thread sleep count: 1128 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7588 | Thread sleep time: -113928s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7864 | Thread sleep count: 1135 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7864 | Thread sleep count: 762 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7864 | Thread sleep time: -76200s >= -30000s
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7736 | Thread sleep count: 69 > 30
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7736 | Thread sleep time: -138069s >= -30000s
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7932 | Thread sleep time: -58029s >= -30000s
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7912 | Thread sleep count: 1121 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7912 | Thread sleep time: -2243121s >= -30000s
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7888 | Thread sleep count: 262 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8012 | Thread sleep count: 223 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7920 | Thread sleep count: 951 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7920 | Thread sleep time: -1902951s >= -30000s
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7908 | Thread sleep count: 1088 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7908 | Thread sleep time: -2177088s >= -30000s
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 3104 | Thread sleep count: 33 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 3104 | Thread sleep time: -66033s >= -30000s
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8172 | Thread sleep count: 1171 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8172 | Thread sleep time: -2343171s >= -30000s
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8152 | Thread sleep count: 250 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7180 | Thread sleep count: 255 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 3168 | Thread sleep count: 1129 > 30
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 3168 | Thread sleep time: -2259129s >= -30000s
            Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
            Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Last function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Last function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Last function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Last function: Thread delayed
            Source: RageMP131.exe, RageMP131.exe, 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
            Source: MPGPH131.exe, 00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
            Source: RageMP131.exe, 00000008.00000002.3789735499.00000000012A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000F
            Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.000000000138E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000g
            Source: RageMP131.exe, 0000000A.00000002.3790015018.00000000014A8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.0000000001380000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: RageMP131.exe, 00000008.00000002.3789533093.000000000116D000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&0000
            Source: RageMP131.exe, 0000000A.00000002.3789536237.00000000010FD000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: RageMP131.exe, 0000000A.00000002.3790015018.00000000014A8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
            Source: RageMP131.exe, 00000008.00000002.3789735499.00000000012EA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_3BBBC0DC
            Source: MPGPH131.exe, 00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}8
            Source: RageMP131.exe, 0000000A.00000002.3790015018.00000000014A8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}X
            Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.00000000013C6000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000na\AppData\Local\Temp\heidiAo
            Source: RageMP131.exe, 0000000A.00000003.1561636088.00000000014BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: RageMP131.exe, 0000000A.00000002.3790015018.00000000014A8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&?
            Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
            Source: RageMP131.exe, 0000000A.00000002.3790015018.00000000014BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: scsi#disk&ven_vmware&pro
            Source: MPGPH131.exe, 00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}-
            Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.0000000001380000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}6
            Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.00000000013C6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3789661923.0000000000E31000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3789735499.00000000012E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: MPGPH131.exe, 00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: -c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_3BBBC0DC
            Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.000000000138E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}l
            Source: MPGPH131.exe, 00000007.00000002.3789534947.0000000000B3D000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Hn
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | System information queried: ModuleInformation
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Thread information set: HideFromDebugger
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Thread information set: HideFromDebugger
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Thread information set: HideFromDebugger
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Thread information set: HideFromDebugger
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Thread information set: HideFromDebugger
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_0537005C Start: 05370108 End: 05370073 | 0_2_0537005C
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_053708AC Start: 05370B37 End: 053708C0 | 0_2_053708AC
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_04D509DC Start: 04D50B05 End: 04D509AD | 7_2_04D509DC
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_04D605BD Start: 04D60667 End: 04D605D9 | 7_2_04D605BD
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_053A008B Start: 053A017F End: 053A005D | 8_2_053A008B
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_05420338 Start: 05420352 End: 0542034C | 10_2_05420338
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: regmonclass
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: gbdyllo
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: procmon_window_class
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: ollydbg
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: filemonclass
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: NTICE
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: SICE
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: SIWVID
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process queried: DebugPort
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process queried: DebugPort
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Process queried: DebugPort
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process queried: DebugPort
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process queried: DebugPort
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process queried: DebugPort
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process queried: DebugPort
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process queried: DebugPort
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process queried: DebugPort
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Process queried: DebugPort
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Process queried: DebugPort
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Process queried: DebugPort
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Process queried: DebugPort
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Process queried: DebugPort
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Process queried: DebugPort
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_05370822 rdtsc | 0_2_05370822
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00883A40 mov eax, dword ptr fs:[00000030h] | 0_2_00883A40
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00883A40 mov eax, dword ptr fs:[00000030h] | 0_2_00883A40
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_00834100 mov eax, dword ptr fs:[00000030h] | 0_2_00834100
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00273A40 mov eax, dword ptr fs:[00000030h] | 6_2_00273A40
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00273A40 mov eax, dword ptr fs:[00000030h] | 6_2_00273A40
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00224100 mov eax, dword ptr fs:[00000030h] | 6_2_00224100
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00273A40 mov eax, dword ptr fs:[00000030h] | 7_2_00273A40
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00273A40 mov eax, dword ptr fs:[00000030h] | 7_2_00273A40
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00224100 mov eax, dword ptr fs:[00000030h] | 7_2_00224100
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008A3A40 mov eax, dword ptr fs:[00000030h] | 8_2_008A3A40
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_008A3A40 mov eax, dword ptr fs:[00000030h] | 8_2_008A3A40
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00854100 mov eax, dword ptr fs:[00000030h] | 8_2_00854100
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008A3A40 mov eax, dword ptr fs:[00000030h] | 10_2_008A3A40
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_008A3A40 mov eax, dword ptr fs:[00000030h] | 10_2_008A3A40
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 10_2_00854100 mov eax, dword ptr fs:[00000030h] | 10_2_00854100
            Source: RageMP131.exe, RageMP131.exe, 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Program Manager
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Code function: 0_2_008FF26A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, | 0_2_008FF26A
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_185.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: LisectAVT_2403002A_185.exe PID: 7284, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: MPGPH131.exe PID: 7572, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: MPGPH131.exe PID: 7584, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: RageMP131.exe PID: 7884, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: RageMP131.exe PID: 8148, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: LisectAVT_2403002A_185.exe PID: 7284, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: MPGPH131.exe PID: 7572, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: MPGPH131.exe PID: 7584, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: RageMP131.exe PID: 7884, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: RageMP131.exe PID: 8148, type: MEMORYSTR

            MITRE ATT&CK Matrix (grouped by tactic; a leading number is the count of report signatures mapped to that technique, entries without a number are matrix cells with no matching signature)

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
            Execution: 3 Command and Scripting Interpreter; 1 Scheduled Task/Job; 1 Native API; Cron; Launchd; Scheduled Task; Systemd Timers
            Persistence: 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
            Privilege Escalation: 2 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items
            Defense Evasion: 1 Masquerading; 24 Virtualization/Sandbox Evasion; 2 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
            Discovery: 1 System Time Discovery; 641 Security Software Discovery; 24 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 214 System Information Discovery; Remote System Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
            Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
            Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Ingress Tool Transfer; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
            Behavior Graph (text recovered from the graph rendering)
            Behavior Graph ID: 1482448 | Sample: LisectAVT_2403002A_185.exe | Startdate: 25/07/2024 | Architecture: WINDOWS | Score: 100

            Sample-level signatures: Antivirus / Scanner detection for submitted sample; Yara detected RisePro Stealer; Machine Learning detection for sample; 3 other signatures

            LisectAVT_2403002A_185.exe (started)
              Network: 193.233.132.74, ports 49706, 49707, 49708 (FREE-NET-ASFREEnetEU, Russian Federation)
              Dropped: C:\Users\user\AppData\Local\...\RageMP131.exe (PE32); C:\ProgramData\MPGPH131\MPGPH131.exe (PE32); C:\Users\...\RageMP131.exe:Zone.Identifier (ASCII); C:\...\MPGPH131.exe:Zone.Identifier (ASCII)
              Signatures: Detected unpacking (changes PE section rights); Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors); Uses schtasks.exe or at.exe to add and modify task schedules; Tries to detect virtualization through RDTSC time measurements
              Child processes: schtasks.exe -> conhost.exe; schtasks.exe -> conhost.exe

            RageMP131.exe (started)
              Signatures: Antivirus detection for dropped file; Tries to detect sandboxes and other dynamic analysis tools (window names); Machine Learning detection for dropped file

            MPGPH131.exe (started)
              Signatures: Tries to evade debugger and weak emulator (self modifying code); Hides threads from debuggers; Potentially malicious time measurement code found

            2 other processes (started)
              Signatures: Tries to detect sandboxes / dynamic malware analysis system (registry check); Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Initial sample:
Source | Detection | Scanner | Label
LisectAVT_2403002A_185.exe | 100% | Avira | TR/Redcap.xyhrk
LisectAVT_2403002A_185.exe | 100% | Joe Sandbox ML |

Dropped files:
Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 100% | Avira | TR/Redcap.xyhrk
C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Avira | TR/Redcap.xyhrk
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 100% | Joe Sandbox ML |
C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Joe Sandbox ML |

Unpacked PE files: No Antivirus matches

Domains: No Antivirus matches

URLs:
Source | Detection | Scanner | Label
http://www.winimage.com/zLibDll | 0% | URL Reputation | safe
https://t.me/RiseProSUPPORT | 0% | Avira URL Cloud | safe
https://t.me/RiseProSUPPORTD | 0% | Avira URL Cloud | safe
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll | 0% | Avira URL Cloud | safe
https://t.me/RiseProSUPPORTN | 0% | Avira URL Cloud | safe
            No contacted domains info
URLs found in memory and binary data (Name | Source | Malicious | Antivirus Detection | Reputation):

https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
  Source: LisectAVT_2403002A_185.exe, 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_185.exe, 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp
  Malicious: false
  Antivirus Detection: Avira URL Cloud: safe
  Reputation: unknown
  Note: this is not a real URL. It is almost certainly three adjacent strings carved from memory and run together by the string extractor: the ipinfo.io and maxmind.com IP-geolocation URLs, followed by the import name Ws2_32.dll. The two geolocation services are the useful indicator; the "D" and "N" suffixed t.me entries below are the same kind of artifact, a stray trailing byte glued to https://t.me/RiseProSUPPORT, which is the string that appears in every process.

http://www.winimage.com/zLibDll
  Source: LisectAVT_2403002A_185.exe, 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_185.exe, 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp
  Malicious: false
  Antivirus Detection: URL Reputation: safe
  Reputation: unknown

https://t.me/RiseProSUPPORT
  Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.000000000138E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3789661923.0000000000DFD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3789735499.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3790015018.0000000001478000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Antivirus Detection: Avira URL Cloud: safe
  Reputation: unknown

https://t.me/RiseProSUPPORTD
  Source: RageMP131.exe, 0000000A.00000002.3790015018.0000000001478000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Antivirus Detection: Avira URL Cloud: safe
  Reputation: unknown

https://t.me/RiseProSUPPORTN
  Source: LisectAVT_2403002A_185.exe, 00000000.00000002.3789734640.000000000138E000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Antivirus Detection: Avira URL Cloud: safe
  Reputation: unknown
Contacted IPs:
IP | Domain | Country | ASN | ASN Name | Malicious
193.233.132.74 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1482448
            Start date and time:2024-07-25 23:06:55 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 11m 0s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:14
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:LisectAVT_2403002A_185.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@11/5@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:Failed
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • VT rate limit hit for: LisectAVT_2403002A_185.exe
Time | Type | Description
17:08:14 | API Interceptor | 3219228x Sleep call for process: LisectAVT_2403002A_185.exe modified
17:08:20 | API Interceptor | 5511x Sleep call for process: MPGPH131.exe modified
17:08:28 | API Interceptor | 4595929x Sleep call for process: RageMP131.exe modified
22:07:49 | Task Scheduler | Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
22:07:49 | Task Scheduler | Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
22:07:49 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
22:07:57 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Context from other analyses (Match, then Associated Sample Name / URL | Detection | Threat Name):

IPs:
• 193.233.132.74
  LisectAVT_2403002A_218.exe | malicious | RisePro Stealer
  LisectAVT_2403002A_228.exe | malicious | RisePro Stealer
  LisectAVT_2403002A_376.exe | malicious | RisePro Stealer
  LisectAVT_2403002B_242.exe | malicious | RisePro Stealer
  LisectAVT_2403002A_224.exe | malicious | RisePro Stealer
  80OrFCsz0u.exe | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer
  SecuriteInfo.com.Win64.Evo-gen.28136.30716.exe | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer
  file.exe | malicious | RisePro Stealer
  vGDqFBB1Jz.exe | malicious | RisePro Stealer
  iKV7MCWDJF.exe | malicious | RisePro Stealer

Domains: No context

ASNs (last column: IP contacted in that analysis):
• FREE-NET-ASFREEnetEU
  LisectAVT_2403002A_191.exe | malicious | RisePro Stealer | 193.233.132.62
  LisectAVT_2403002A_218.exe | malicious | RisePro Stealer | 193.233.132.74
  LisectAVT_2403002A_228.exe | malicious | RisePro Stealer | 193.233.132.74
  LisectAVT_2403002A_30.exe | malicious | Amadey | 193.233.132.56
  LisectAVT_2403002A_33.exe | malicious | Amadey | 193.233.132.56
  LisectAVT_2403002A_376.exe | malicious | RisePro Stealer | 193.233.132.74
  LisectAVT_2403002A_389.exe | malicious | Amadey | 193.233.132.56
  LisectAVT_2403002A_419.exe | malicious | RisePro Stealer | 193.233.132.67
  LisectAVT_2403002A_419.exe | malicious | RisePro Stealer | 193.233.132.67
  LisectAVT_2403002A_464.exe | malicious | RisePro Stealer | 193.233.132.109

JA3 fingerprints: No context

Dropped files: No context
                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_185.exe
                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):2328582
                                Entropy (8bit):7.965058550429932
                                Encrypted:false
                                SSDEEP:49152:etQqvanIGlHKxr+3nvtzf6Y42KNfH4KNYsONdgEM:BP1qR+fFN42KNfH9ONdW
                                MD5:E4561AD384F825254DDF8335308BBBCF
                                SHA1:0379BBD4B8684CAA337908286B870F5E38A58693
                                SHA-256:8506917C0D92DF1DE8F1F7E6883669A0190D9997532A653D085D51A4E2123D13
                                SHA-512:B9DA16205FF58C533177EE82C312F232DB55434B575A42F0DF541711AEEA4867589AF79D4EB0CFF478F080789EB5E1AED016A17E86AB99A3FED53B189B65E9E3
                                Malicious:true
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                Reputation:low
                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......."...f.{Tf.{Tf.{T-.xUk.{T-.~U..{T-.|Ug.{T)..Tb.{T)..Ut.{T).xUq.{T).~U3.{T-..U..{T-.}Ug.{T-.zU}.{Tf.zT@.{T..rUz.{T..{Ug.{T...Tg.{Tf..Tg.{T..yUg.{TRichf.{T................PE..L....b.e...............".....0........Y...........@...........................Y......#...@...........................Y.L...U...i.......X+.......................................................................................................... . .p..........................@....rsrc...X+..........................@....idata ............."..............@... ..+..........$..............@...kcbbzddg.`...p?..\...&..............@...ixbabcmr......Y.......#.............@...........................................................................................................................................................................................................................
                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_185.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):26
                                Entropy (8bit):3.95006375643621
                                Encrypted:false
                                SSDEEP:3:ggPYV:rPYV
                                MD5:187F488E27DB4AF347237FE461A079AD
                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                Malicious:true
                                Reputation:high, very likely benign file
                                Preview:[ZoneTransfer]....ZoneId=0
                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_185.exe
                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):2328582
                                Entropy (8bit):7.965058550429932
                                Encrypted:false
                                SSDEEP:49152:etQqvanIGlHKxr+3nvtzf6Y42KNfH4KNYsONdgEM:BP1qR+fFN42KNfH9ONdW
                                MD5:E4561AD384F825254DDF8335308BBBCF
                                SHA1:0379BBD4B8684CAA337908286B870F5E38A58693
                                SHA-256:8506917C0D92DF1DE8F1F7E6883669A0190D9997532A653D085D51A4E2123D13
                                SHA-512:B9DA16205FF58C533177EE82C312F232DB55434B575A42F0DF541711AEEA4867589AF79D4EB0CFF478F080789EB5E1AED016A17E86AB99A3FED53B189B65E9E3
                                Malicious:true
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                Reputation:low
                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......."...f.{Tf.{Tf.{T-.xUk.{T-.~U..{T-.|Ug.{T)..Tb.{T)..Ut.{T).xUq.{T).~U3.{T-..U..{T-.}Ug.{T-.zU}.{Tf.zT@.{T..rUz.{T..{Ug.{T...Tg.{Tf..Tg.{T..yUg.{TRichf.{T................PE..L....b.e...............".....0........Y...........@...........................Y......#...@...........................Y.L...U...i.......X+.......................................................................................................... . .p..........................@....rsrc...X+..........................@....idata ............."..............@... ..+..........$..............@...kcbbzddg.`...p?..\...&..............@...ixbabcmr......Y.......#.............@...........................................................................................................................................................................................................................
                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_185.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):26
                                Entropy (8bit):3.95006375643621
                                Encrypted:false
                                SSDEEP:3:ggPYV:rPYV
                                MD5:187F488E27DB4AF347237FE461A079AD
                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                Malicious:true
                                Reputation:high, very likely benign file
                                Preview:[ZoneTransfer]....ZoneId=0
                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_185.exe
                                File Type:ASCII text, with no line terminators
                                Category:modified
                                Size (bytes):13
                                Entropy (8bit):2.6612262562697895
                                Encrypted:false
                                SSDEEP:3:LE8n:B
                                MD5:BE70E5BC47A6C957551330DFF4DE1D49
                                SHA1:E923449442B40A379DEB49F1A8BDAC31F7FBB468
                                SHA-256:FB4732654AFF3419F1A24EB24509565B8374898643BA3F4F2EE659DF0A9E66EE
                                SHA-512:BD7BEA5AC3D9CB8B565175E62BF6DA4C978DE18B412EFFB1F034378A444C874CE6B8DEC22B77E99A28666A422CF2BE1D7BF8C6BA0D9F3C35A2C5CE7A32940C46
                                Malicious:false
                                Reputation:low
                                Preview:1721946891794
                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Entropy (8bit):7.965058550429932
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:LisectAVT_2403002A_185.exe
                                File size:2'328'582 bytes
                                MD5:e4561ad384f825254ddf8335308bbbcf
                                SHA1:0379bbd4b8684caa337908286b870f5e38a58693
                                SHA256:8506917c0d92df1de8f1f7e6883669a0190d9997532a653d085d51a4e2123d13
                                SHA512:b9da16205ff58c533177ee82c312f232db55434b575a42f0df541711aeea4867589af79d4eb0cff478f080789eb5e1aed016a17e86ab99a3fed53b189b65e9e3
                                SSDEEP:49152:etQqvanIGlHKxr+3nvtzf6Y42KNfH4KNYsONdgEM:BP1qR+fFN42KNfH9ONdW
                                TLSH:EBB533A31C280247FEA32771996914986A94FFA00E76F5DE1FD22CD7F01F28DE8856C5
                                File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......."...f.{Tf.{Tf.{T-.xUk.{T-.~U..{T-.|Ug.{T)..Tb.{T)..Ut.{T).xUq.{T).~U3.{T-..U..{T-.}Ug.{T-.zU}.{Tf.zT@.{T..rUz.{T..{Ug.{T...Tg.{
                                Icon Hash:c769eccc64f6e2bb
                                Entrypoint:0x99d000
                                Entrypoint Section:ixbabcmr
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                Time Stamp:0x65FD62AE [Fri Mar 22 10:51:26 2024 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:6
                                OS Version Minor:0
                                File Version Major:6
                                File Version Minor:0
                                Subsystem Version Major:6
                                Subsystem Version Minor:0
                                Import Hash:2eabe9054cad5152567f0699947a2c5b
                                Instruction
                                push ebx
                                mov dword ptr [esp], 284FAD0Eh
                                mov dword ptr [esp], eax
                                mov dword ptr [esp], esi
                                push ebx
                                push esp
                                pop ebx
                                add ebx, 00000004h
                                sub ebx, 04h
                                xchg dword ptr [esp], ebx
                                pop esp
                                mov dword ptr [esp], eax
                                push eax
                                mov eax, esp
                                add eax, 00000004h
                                sub eax, 04h
                                xchg dword ptr [esp], eax
                                pop esp
                                mov dword ptr [esp], ecx
                                mov dword ptr [esp], ebx
                                call 00007F74ACD59286h
                                int3
                                push dword ptr [esp]
                                mov eax, dword ptr [esp]
                                add esp, 00000004h
                                add esp, 00000004h
                                push edx
                                mov dword ptr [esp], eax
                                add dword ptr [esp], 5EFAAA36h
                                pop ebx
                                push edx
                                mov edx, 11917529h
                                inc edx
                                and edx, 77F59D10h
                                shl edx, 08h
                                neg edx
                                and edx, 75F7F841h
                                xor edx, 3A19AA36h
                                sub ebx, edx
                                pop edx
                                push edi
                                mov edi, FFFFFFFFh
                                sub eax, edi
                                mov edi, dword ptr [esp]
                                add esp, 04h
                                push 0BE3668Ah
                                mov dword ptr [esp], ecx
                                mov ecx, 001A6000h
                                sub eax, ecx
                                mov ecx, dword ptr [esp]
                                add esp, 00000004h
                                sub eax, 0DBA003Ch
                                add eax, 0DBA0000h
                                cmp byte ptr [ebx], FFFFFFCCh
                                jne 00007F74ACD59337h
                                push ebp
                                mov dword ptr [esp], ecx
                                mov cl, EEh
                                add cl, 0000000Ch
                                shr cl, 00000007h
                                add cl, FFFFFFB9h
                                add cl, 00000001h
                                sub cl, 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x599fa4 | 0x4c | kcbbzddg
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13b055 | 0x69 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x138000 | 0x2b58 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x13b1f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(no name) | 0x1000 | 0x137000 | 0x90600 | 46445c4e7f30e8818123b334945f143f | False | 0.9993641774891775 | data | 7.985397454316368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x138000 | 0x2b58 | 0xc00 | 12c572daf7edcc01809c83d495523296 | False | 0.83984375 | data | 7.029029636351581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  (rendered with a trailing space) | 0x13b000 | 0x1000 | 0x200 | 745dea56938759dccaf9e183aa01b020 | False | 0.146484375 | data | 0.998472215956371 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(no name) | 0x13c000 | 0x2bb000 | 0x200 | 9b8a148aa552a5bd298c843c153e1f58 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kcbbzddg | 0x3f7000 | 0x1a6000 | 0x1a5c00 | 197a03127b88e9e53028d912b2d4a4af | False | 0.9894442103215768 | data | 7.949002544785609 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ixbabcmr | 0x59d000 | 0x1000 | 0x600 | 9dfe49aca0b251e0875364c8c6609388 | False | 0.6165364583333334 | data | 5.273959953963499 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Resources:
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x599ff0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Russian | Russia | 0.1892116182572614
RT_GROUP_ICON | 0x59c598 | 0x14 | data | Russian | Russia | 1.15
RT_VERSION | 0x59c5ac | 0x2e4 | data | Russian | Russia | 0.4689189189189189
RT_MANIFEST | 0x59c890 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

Imports:
DLL | Import
kernel32.dll | lstrcpy

Exports:
Name | Ordinal | Address
Start | 1 | 0x466e80

Language of compilation system | Country where language is spoken
Russian | Russia
English | United States
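The static data above describes a packed binary rather than the RisePro payload itself: the entry point 0x99d000 (RVA 0x59d000 after subtracting the image base) lies in ixbabcmr, a writable and executable section with a random-looking name; two sections have no name at all and .idata is rendered with a trailing space; every section is writable; and the nameless section at 0x13c000 occupies 0x2bb000 bytes in memory but only 0x200 bytes on disk, the usual target for code that is unpacked at runtime (compare the "Detected unpacking (changes PE section rights)" signature in the behavior graph). The import table holds a single entry, kernel32.dll!lstrcpy, so the Import Hash above fingerprints the packer stub, not the payload, and is of little use for clustering the unpacked code. The following is an added example, not code from Joe Sandbox or from the sample: it rebuilds only the PE32 headers for the section layout shown above (section contents are not reproduced), parses them back with struct, and applies those checks. STANDARD_CODE_SECTIONS and UNPACK_RATIO are my triage thresholds, not values from the report.

```python
"""Static PE section triage for the layout in the report above.

Added example, not code from Joe Sandbox or from the sample. It rebuilds only
the PE32 headers (DOS stub, COFF header, optional header, section table) that
match the section table and entry point shown above, parses them back with
struct, and applies the checks behind the report's packer-related signatures.
"""
import struct

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Assumed triage thresholds (my choices, not Joe Sandbox's): names a linker
# normally gives the entry-point section, and how much larger a section may be
# in memory than on disk before it looks like an unpacking target.
STANDARD_CODE_SECTIONS = {".text", "CODE", ".code", "INIT", ".init"}
UNPACK_RATIO = 16

# (name, virtual size, virtual address, raw size, characteristics) copied from
# the section table above; section contents are not reproduced.
REPORT_SECTIONS = [
    (b"",         0x137000, 0x1000,   0x90600,  RWX),
    (b".rsrc",    0x2b58,   0x138000, 0xc00,    RW),
    (b".idata ",  0x1000,   0x13b000, 0x200,    RW),
    (b"",         0x2bb000, 0x13c000, 0x200,    RWX),
    (b"kcbbzddg", 0x1a6000, 0x3f7000, 0x1a5c00, RWX),
    (b"ixbabcmr", 0x1000,   0x59d000, 0x600,    RWX),
]
ENTRY_RVA = 0x99d000 - 0x400000  # Entrypoint minus Imagebase from the report


def build_pe32_header(sections, entry_rva, image_base=0x400000):
    """Emit MZ stub + PE signature + COFF header + PE32 optional header +
    section table. Only the fields parse_sections() reads are filled in."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)         # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)        # ImageBase
    table, raw_ptr = b"", 0x400
    for name, vsize, va, rawsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, raw_ptr, 0, 0, 0, 0, chars)
        raw_ptr += rawsize
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_sections(data):
    """Return (entry point RVA, list of section dicts) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]
    secs, off = [], pe + 24 + opt_size
    for _ in range(nsec):
        name, vsize, va, rawsize, *_rest, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        # Strip only NUL padding: a trailing space (".idata ") is a finding, not noise.
        secs.append({"name": name.rstrip(b"\0").decode("latin-1"),
                     "vsize": vsize, "va": va, "rawsize": rawsize, "chars": chars})
        off += 40
    return entry, secs


def triage(data):
    """Return (section name, finding) pairs for the packer indicators."""
    entry, secs = parse_sections(data)
    findings = []
    for s in secs:
        n = s["name"]
        if s["va"] <= entry < s["va"] + max(s["vsize"], s["rawsize"]) and n not in STANDARD_CODE_SECTIONS:
            findings.append((n, "entry point outside standard code section"))
        if n == "" or not all(c.isalnum() or c in "._$" for c in n):
            findings.append((n, "blank or special-character section name"))
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append((n, "writable and executable (RWX) section"))
        if s["vsize"] >= UNPACK_RATIO * max(s["rawsize"], 1) and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append((n, "near-empty on disk, large in memory: unpack target"))
    return findings


if __name__ == "__main__":
    for name, what in triage(build_pe32_header(REPORT_SECTIONS, ENTRY_RVA)):
        print(f"{name!r:12} {what}")
```

On the layout above this yields nine findings: the entry point in ixbabcmr, three name findings (the two blank names and ".idata "), four RWX sections, and the 0x13c000 section as the unpack target. The name check deliberately does not flag kcbbzddg or ixbabcmr, which are alphanumeric; catching random-looking names needs a dictionary of known section names or a character-distribution test, which is why entropy and the raw/virtual size ratio are checked alongside it.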
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-25T23:07:49.737468+0200 | TCP | 2049060 | ET MALWARE RisePro TCP Heartbeat Packet | 49706 | 58709 | 192.168.2.9 | 193.233.132.74
2024-07-25T23:07:52.722847+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49706 | 58709 | 192.168.2.9 | 193.233.132.74
2024-07-25T23:07:55.457201+0200 | TCP | 2049060 | ET MALWARE RisePro TCP Heartbeat Packet | 49708 | 58709 | 192.168.2.9 | 193.233.132.74
2024-07-25T23:07:58.426100+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49708 | 58709 | 192.168.2.9 | 193.233.132.74
2024-07-25T23:07:58.426243+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49707 | 58709 | 192.168.2.9 | 193.233.132.74
2024-07-25T23:08:03.751669+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49710 | 40.127.169.103 | 192.168.2.9
2024-07-25T23:08:04.317411+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
2024-07-25T23:08:12.379153+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49712 | 58709 | 192.168.2.9 | 193.233.132.74
2024-07-25T23:08:30.745853+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 63444 | 40.127.169.103 | 192.168.2.9

Rows are sorted by time (the original table was unordered). The 2046269 and 2049060 alerts cover the RisePro traffic: five connections from ephemeral ports 49706 to 49712 to 193.233.132.74 on TCP/58709 within about 25 seconds. The two 2022930 alerts belong to a different flow: inbound TCP/443 traffic from 40.127.169.103, an address in Microsoft's range that does not appear in the TCP packet list below, consistent with whitelisted Windows background traffic (see the excluded Microsoft update domains in the cookbook comments). A CAB-parsing exploit signature matching inside what is almost certainly TLS payload should be treated as a false positive unless the bytes are inspected; 193.233.132.74:58709 is the network indicator to act on.
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 25, 2024 23:07:49.708216906 CEST | 49706 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:49.713745117 CEST | 58709 | 49706 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:49.713821888 CEST | 49706 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:49.737468004 CEST | 49706 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:49.742458105 CEST | 58709 | 49706 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:52.722846985 CEST | 49706 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:52.730820894 CEST | 58709 | 49706 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:55.428355932 CEST | 49707 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:55.428389072 CEST | 49708 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:55.433662891 CEST | 58709 | 49707 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:55.433706045 CEST | 58709 | 49708 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:55.433743954 CEST | 49707 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:55.433784008 CEST | 49708 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:55.455988884 CEST | 49707 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:55.457201004 CEST | 49708 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:55.461016893 CEST | 58709 | 49707 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:55.462080002 CEST | 58709 | 49708 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:58.426100016 CEST | 49708 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:58.426243067 CEST | 49707 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:07:58.431231976 CEST | 58709 | 49708 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:07:58.431386948 CEST | 58709 | 49707 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:01.309616089 CEST | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:01.314835072 CEST | 58709 | 49709 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:01.314910889 CEST | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:01.328531981 CEST | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:01.333595991 CEST | 58709 | 49709 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:04.317410946 CEST | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:04.430593014 CEST | 58709 | 49709 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:09.359584093 CEST | 49712 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:09.364620924 CEST | 58709 | 49712 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:09.364706039 CEST | 49712 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:09.392718077 CEST | 49712 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:09.400499105 CEST | 58709 | 49712 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:11.108750105 CEST | 58709 | 49706 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:11.108861923 CEST | 49706 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:12.379153013 CEST | 49712 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:12.384428978 CEST | 58709 | 49712 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:16.875992060 CEST | 58709 | 49708 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:16.876084089 CEST | 49708 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:16.893651962 CEST | 58709 | 49707 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:16.893728971 CEST | 49707 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:23.169022083 CEST | 58709 | 49709 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:23.169115067 CEST | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:23.169301033 CEST | 58709 | 49709 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:23.169353008 CEST | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:23.169658899 CEST | 58709 | 49709 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:23.169704914 CEST | 49709 | 58709 | 192.168.2.9 | 193.233.132.74
Jul 25, 2024 23:08:30.769499063 CEST | 58709 | 49712 | 193.233.132.74 | 192.168.2.9
Jul 25, 2024 23:08:30.769634962 CEST | 49712 | 58709 | 192.168.2.9 | 193.233.132.74
                                Timestamp                            | Source Port | Dest Port | Source IP    | Dest IP
                                Jul 25, 2024 23:08:28.996054888 CEST | 53          | 64832     | 162.159.36.2 | 192.168.2.9
                                Jul 25, 2024 23:08:29.496177912 CEST | 53          | 58675     | 1.1.1.1      | 192.168.2.9

                                Target ID:0
                                Start time:17:07:43
                                Start date:25/07/2024
                                Path:C:\Users\user\Desktop\LisectAVT_2403002A_185.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\LisectAVT_2403002A_185.exe"
                                Imagebase:0x820000
                                File size:2'328'582 bytes
                                MD5 hash:E4561AD384F825254DDF8335308BBBCF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false

                                Target ID:2
                                Start time:17:07:48
                                Start date:25/07/2024
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                Imagebase:0xa40000
                                File size:187'904 bytes
                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:3
                                Start time:17:07:48
                                Start date:25/07/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff70f010000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:4
                                Start time:17:07:48
                                Start date:25/07/2024
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                Imagebase:0xa40000
                                File size:187'904 bytes
                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:5
                                Start time:17:07:48
                                Start date:25/07/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff70f010000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:6
                                Start time:17:07:49
                                Start date:25/07/2024
                                Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                Wow64 process (32bit):true
                                Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                Imagebase:0x210000
                                File size:2'328'582 bytes
                                MD5 hash:E4561AD384F825254DDF8335308BBBCF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                Reputation:low
                                Has exited:false

                                Target ID:7
                                Start time:17:07:49
                                Start date:25/07/2024
                                Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                Wow64 process (32bit):true
                                Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                Imagebase:0x210000
                                File size:2'328'582 bytes
                                MD5 hash:E4561AD384F825254DDF8335308BBBCF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false

                                Target ID:8
                                Start time:17:07:57
                                Start date:25/07/2024
                                Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                Imagebase:0x840000
                                File size:2'328'582 bytes
                                MD5 hash:E4561AD384F825254DDF8335308BBBCF
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                Reputation:low
                                Has exited:false

                                Target ID:10
                                Start time:17:08:05
                                Start date:25/07/2024
                                Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                Imagebase:0x840000
                                File size:2'328'582 bytes
                                MD5 hash:E4561AD384F825254DDF8335308BBBCF
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false


                                  Execution Graph

                                  Execution Coverage:2.8%
                                  Dynamic/Decrypted Code Coverage:1.3%
                                  Signature Coverage:2.6%
                                  Total number of Nodes:615
                                  Total number of Limit Nodes:61
18883 908b82 18881->18883 18884 9055d3 4 API calls 18881->18884 18882->18883 18883->18876 18885 908ba2 18884->18885 18893 916ded 18885->18893 18888 915f82 __fread_nolock RtlAllocateHeap 18889 908bb6 18888->18889 18897 914a3f 18889->18897 18892 916db3 ___std_exception_copy RtlAllocateHeap 18892->18883 18894 916e04 18893->18894 18895 908baa 18893->18895 18894->18895 18896 916db3 ___std_exception_copy RtlAllocateHeap 18894->18896 18895->18888 18896->18895 18898 908bbd 18897->18898 18899 914a68 18897->18899 18898->18883 18898->18892 18900 914ab7 18899->18900 18902 914a8f 18899->18902 18901 904723 ___std_exception_copy RtlAllocateHeap 18900->18901 18901->18898 18904 9149ae 18902->18904 18905 9149ba __fread_nolock 18904->18905 18907 9149f9 18905->18907 18908 914b12 18905->18908 18907->18898 18909 91a6de __fread_nolock RtlAllocateHeap 18908->18909 18911 914b22 18909->18911 18913 91a6de __fread_nolock RtlAllocateHeap 18911->18913 18917 914b28 18911->18917 18918 914b5a 18911->18918 18912 91a6de __fread_nolock RtlAllocateHeap 18914 914b66 FindCloseChangeNotification 18912->18914 18915 914b51 18913->18915 18914->18917 18916 91a6de __fread_nolock RtlAllocateHeap 18915->18916 18916->18918 18920 91a64d 18917->18920 18918->18912 18918->18917 18919 914b80 __fread_nolock 18919->18907 18921 91a65c 18920->18921 18922 90d23f __dosmaperr RtlAllocateHeap 18921->18922 18925 91a686 18921->18925 18923 91a6c8 18922->18923 18924 90d22c __dosmaperr RtlAllocateHeap 18923->18924 18924->18925 18925->18919 18926 83e0a0 WSAStartup 18927 83e0d8 18926->18927 18928 83e1a7 18926->18928 18927->18928 18929 83e175 socket 18927->18929 18929->18928 18930 83e18b connect 18929->18930 18930->18928 18931 83e19d closesocket 18930->18931 18931->18928 18931->18929

                                  Control-flow Graph

                                  control_flow_graph 0 83e0a0-83e0d2 WSAStartup 1 83e1b7-83e1c0 0->1 2 83e0d8-83e102 call 826bd0 * 2 0->2 7 83e104-83e108 2->7 8 83e10e-83e165 2->8 7->1 7->8 10 83e1b1 8->10 11 83e167-83e16d 8->11 10->1 12 83e1c5-83e1cf 11->12 13 83e16f 11->13 12->10 19 83e1d1-83e1d9 12->19 14 83e175-83e189 socket 13->14 14->10 15 83e18b-83e19b connect 14->15 17 83e1c1 15->17 18 83e19d-83e1a5 closesocket 15->18 17->12 18->14 20 83e1a7-83e1b0 18->20 20->10
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startupclosesocketconnectsocket
                                  • String ID:
                                  • API String ID: 3098855095-0
                                  • Opcode ID: e14bfe76c1bb09c36d06f75620e590dbecbd2033cbf3f2526a6cfbf70a76852a
                                  • Instruction ID: 880381c75bba5719472d24b91de28d337b9a9995c056ec8b626caf13042de301
                                  • Opcode Fuzzy Hash: e14bfe76c1bb09c36d06f75620e590dbecbd2033cbf3f2526a6cfbf70a76852a
                                  • Instruction Fuzzy Hash: 5B31AC72605310ABD7209F299C49B2FB7E8FBC5735F015F19F9A8962D0E33198048B92

                                  Control-flow Graph

                                  control_flow_graph 134 883a40-883a52 135 883a55-883a61 134->135 137 883b28-883b31 GetPEB 135->137 138 883a67-883a6d 135->138 139 883b34-883b48 137->139 138->137 140 883a73-883a7f GetPEB 138->140 141 883b99-883b9b 139->141 142 883b4a-883b4f 139->142 143 883a80-883a94 140->143 141->139 142->141 144 883b51-883b59 142->144 145 883ae4-883ae6 143->145 146 883a96-883a9b 143->146 147 883b60-883b73 144->147 145->143 146->145 148 883a9d-883aa3 146->148 149 883b92-883b97 147->149 150 883b75-883b88 147->150 151 883aa5-883ab8 148->151 149->141 149->147 150->150 152 883b8a-883b90 150->152 153 883aba 151->153 154 883add-883ae2 151->154 152->149 156 883b9d-883bc2 Sleep 152->156 155 883ac0-883ad3 153->155 154->145 154->151 155->155 157 883ad5-883adb 155->157 156->135 157->154 158 883ae8-883b0d Sleep 157->158 159 883b13-883b1a 158->159 159->137 160 883b1c-883b22 159->160 160->137 161 883bc7-883bd8 call 826bd0 160->161 164 883bda-883bdc 161->164 165 883bde 161->165 166 883be0-883bfd call 826bd0 164->166 165->166
                                  APIs
                                  • Sleep.KERNELBASE(000003E9,?,00000001,00000000,?,?,?,?,?,?,?,?,00883DB6), ref: 00883B08
                                  • Sleep.KERNELBASE(00000001,?,00000001,00000000,?,?,?,?,?,?,?,?,00883DB6), ref: 00883BBA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: 6f44787daf927b166ec07af6ac32c2c6603320bcd24d9dcfc4ddab44b3d153a7
                                  • Instruction ID: f58939820435d04d4abd1f623913ea5a3492ddb69f3b0a72fc4ab42dcd8970d4
                                  • Opcode Fuzzy Hash: 6f44787daf927b166ec07af6ac32c2c6603320bcd24d9dcfc4ddab44b3d153a7
                                  • Instruction Fuzzy Hash: 0B51BB75A042298FCB28DF58C8D0EAAB3B1FF45B14F29459AD845AF352D731EE05CB80

                                  Control-flow Graph

                                  control_flow_graph 169 5370822-537089f 173 53708b8-53708e3 GetCurrentHwProfileW 169->173 175 53708f8-5370bca 173->175
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053708DC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793493063.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5370000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: f32ec35ea6e7b06a617d8200f66655bc157f644cdcba7ca7fdd4e299e8ed06d1
                                  • Instruction ID: ed8eba6b90c7c56cfad1eb23d1a46509198926a036aded663e7f8287717f9c2f
                                  • Opcode Fuzzy Hash: f32ec35ea6e7b06a617d8200f66655bc157f644cdcba7ca7fdd4e299e8ed06d1
                                  • Instruction Fuzzy Hash: 6A414DEB94D129BC716AC1826F58EFB576EE5D77307318427F807E1902E2C84E495831

                                  Control-flow Graph

                                  control_flow_graph 322 53708ac-53708b4 323 53708b6-53708ba 322->323 324 53708bb-53708e3 GetCurrentHwProfileW 322->324 323->324 326 53708f8-5370bca 324->326
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053708DC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793493063.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5370000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: d758eb9ac4a55b8955f705d1cc9adc5df8b896756ca1c25b32c80a27fa651ee8
                                  • Instruction ID: d993e54da34b681dc171942354c630ec97fa9128c88b2c174f878dcbcca21306
                                  • Opcode Fuzzy Hash: d758eb9ac4a55b8955f705d1cc9adc5df8b896756ca1c25b32c80a27fa651ee8
                                  • Instruction Fuzzy Hash: A941B2EB90D129BC726AC1826B58EFA672FE6C77307318467F407E5901E28C4F895831

                                  Control-flow Graph

                                  control_flow_graph 22 914623-914633 23 914635-914648 call 90d22c call 90d23f 22->23 24 91464d-91464f 22->24 38 9149a7 23->38 25 914655-91465b 24->25 26 91498f-91499c call 90d22c call 90d23f 24->26 25->26 28 914661-91468a 25->28 45 9149a2 call 9047a0 26->45 28->26 32 914690-914699 28->32 35 9146b3-9146b5 32->35 36 91469b-9146ae call 90d22c call 90d23f 32->36 41 91498b-91498d 35->41 42 9146bb-9146bf 35->42 36->45 43 9149aa-9149ad 38->43 41->43 42->41 46 9146c5-9146c9 42->46 45->38 46->36 49 9146cb-9146e2 46->49 51 9146e4-9146e7 49->51 52 914717-91471d 49->52 53 9146e9-9146ef 51->53 54 91470d-914715 51->54 55 9146f1-914708 call 90d22c call 90d23f call 9047a0 52->55 56 91471f-914726 52->56 53->54 53->55 58 91478a-9147a9 54->58 85 9148c2 55->85 59 914728 56->59 60 91472a-91472b call 916e2d 56->60 62 914865-91486e call 920d44 58->62 63 9147af-9147bb 58->63 59->60 68 914730-914748 call 916db3 * 2 60->68 75 914870-914882 62->75 76 9148df 62->76 63->62 67 9147c1-9147c3 63->67 67->62 71 9147c9-9147ea 67->71 89 914765-914788 call 90e13d 68->89 90 91474a-914760 call 90d23f call 90d22c 68->90 71->62 77 9147ec-914802 71->77 75->76 81 914884-914893 75->81 82 9148e3-9148f9 ReadFile 76->82 77->62 78 914804-914806 77->78 78->62 83 914808-91482b 78->83 81->76 98 914895-914899 81->98 86 914957-914962 82->86 87 9148fb-914901 82->87 83->62 88 91482d-914843 83->88 91 9148c5-9148cf call 916db3 85->91 107 914964-914976 call 90d23f call 90d22c 86->107 108 91497b-91497e 86->108 87->86 93 914903 87->93 88->62 94 914845-914847 88->94 89->58 90->85 91->43 100 914906-914918 93->100 94->62 102 914849-914860 94->102 98->82 106 91489b-9148b3 98->106 100->91 101 91491a-91491e 100->101 110 914920-914930 call 914335 101->110 111 914937-914944 101->111 102->62 122 9148b5-9148ba 106->122 123 9148d4-9148dd 106->123 107->85 112 914984-914986 108->112 113 9148bb-9148c1 call 90d1e5 108->113 130 914933-914935 110->130 118 914950-914955 call 91417b 111->118 119 914946 call 
91448c 111->119 112->91 113->85 131 91494b-91494e 118->131 119->131 122->113 123->100 130->91 131->130
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35db825da7b3df724fa3763381b46c7e409f42963754736727c81c059fd3a47c
                                  • Instruction ID: 0da4f0686348fb9f75223d8ed9a226be7ce7f4ae619c9df990a63eada6dee066
                                  • Opcode Fuzzy Hash: 35db825da7b3df724fa3763381b46c7e409f42963754736727c81c059fd3a47c
                                  • Instruction Fuzzy Hash: 20B1F570F0424DAFDB11DFA9D841BEEBBB5AF8A310F544198E554AB282C770AD81CB61

                                  Control-flow Graph

                                  control_flow_graph 211 82a210-82a2ab call 8ff290 call 822ae0 216 82a2b0-82a2bb 211->216 216->216 217 82a2bd-82a2c8 216->217 218 82a2ca 217->218 219 82a2cd-82a2de call 905362 217->219 218->219 222 82a2e0-82a305 call 909136 call 904eeb call 909136 219->222 223 82a351-82a357 219->223 240 82a307 222->240 241 82a30c-82a316 222->241 225 82a381-82a393 223->225 226 82a359-82a365 223->226 227 82a377-82a37e call 8ff511 226->227 228 82a367-82a375 226->228 227->225 228->227 230 82a394-82a3ae call 9047b0 228->230 238 82a3b0-82a3bb 230->238 238->238 242 82a3bd-82a3c8 238->242 240->241 243 82a328-82a32f call 88cf60 241->243 244 82a318-82a31c 241->244 245 82a3ca 242->245 246 82a3cd-82a3df call 905362 242->246 251 82a334-82a33a 243->251 247 82a320-82a326 244->247 248 82a31e 244->248 245->246 255 82a3e1-82a3f9 call 909136 call 904eeb call 908be8 246->255 256 82a3fc-82a403 246->256 247->251 248->247 253 82a33e-82a349 call 90dbdf call 908be8 251->253 254 82a33c 251->254 272 82a34e 253->272 254->253 255->256 257 82a405-82a411 256->257 258 82a42d-82a433 256->258 262 82a423-82a42a call 8ff511 257->262 263 82a413-82a421 257->263 262->258 263->262 266 82a434-82a45e call 9047b0 263->266 278 82a460-82a464 266->278 279 82a46f-82a474 266->279 272->223 278->279 280 82a466-82a46e 278->280
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __fread_nolock
                                  • String ID:
                                  • API String ID: 2638373210-0
                                  • Opcode ID: 24b3372bce6a1f40f6bbf3d99da3cd1e25af627db33822c386c31ca3daba04f2
                                  • Instruction ID: 560f66cf6322b3914729cffdb49446e9aa09eb85d64f657566111440409812af
                                  • Opcode Fuzzy Hash: 24b3372bce6a1f40f6bbf3d99da3cd1e25af627db33822c386c31ca3daba04f2
                                  • Instruction Fuzzy Hash: 45710470900218AFDB18DF68EC49BAEB7E8FF41700F10856DF805DB782D7B59A818792

                                  Control-flow Graph

                                  control_flow_graph 281 5370866-537089f 284 53708b8-53708e3 GetCurrentHwProfileW 281->284 286 53708f8-5370bca 284->286
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053708DC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793493063.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5370000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 49f8ff7aedc570676d89a19ea353c6e0a676fea922e58fbce4fbe876474e43c3
                                  • Instruction ID: 4e28737245b3e8c63b6e0652b852f53e5e088f37a661533bf7b38b75743093de
                                  • Opcode Fuzzy Hash: 49f8ff7aedc570676d89a19ea353c6e0a676fea922e58fbce4fbe876474e43c3
                                  • Instruction Fuzzy Hash: BE41B0EB94D129BCB16AC1826F58EFB562FE6C77307318467F407E1902E29C4E495831

                                  Control-flow Graph

                                  control_flow_graph 362 5370898-537089f 363 53708b8-53708e3 GetCurrentHwProfileW 362->363 365 53708f8-5370bca 363->365
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053708DC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793493063.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5370000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 2c01339e69ed63f7fa20f78480c1827bae7fe99e14ceb33c7b21855c69ee9e63
                                  • Instruction ID: 9a102ff525d82e3ed28f258314e9698a174c32ac2c6305650759810dedb057b0
                                  • Opcode Fuzzy Hash: 2c01339e69ed63f7fa20f78480c1827bae7fe99e14ceb33c7b21855c69ee9e63
                                  • Instruction Fuzzy Hash: 43419FFB94D129BCB26AC1826B58EFA562FE6C7730B318427F407E1901E2CC8B495831

                                  Control-flow Graph

                                  control_flow_graph 401 91549c-9154be 402 9156b1 401->402 403 9154c4-9154c6 401->403 404 9156b3-9156b7 402->404 405 9154f2-915515 403->405 406 9154c8-9154e7 call 904723 403->406 407 915517-915519 405->407 408 91551b-915521 405->408 414 9154ea-9154ed 406->414 407->408 410 915523-915534 407->410 408->406 408->410 412 915547-915557 call 914fe1 410->412 413 915536-915544 call 90e17d 410->413 419 9155a0-9155b2 412->419 420 915559-91555f 412->420 413->412 414->404 421 9155b4-9155ba 419->421 422 915609-915629 WriteFile 419->422 423 915561-915564 420->423 424 915588-91559e call 914bb2 420->424 428 9155f5-915607 call 91505e 421->428 429 9155bc-9155bf 421->429 425 915634 422->425 426 91562b-915631 422->426 430 915566-915569 423->430 431 91556f-91557e call 914f79 423->431 441 915581-915583 424->441 433 915637-915642 425->433 426->425 448 9155dc-9155df 428->448 434 9155e1-9155f3 call 915222 429->434 435 9155c1-9155c4 429->435 430->431 436 915649-91564c 430->436 431->441 442 915644-915647 433->442 443 9156ac-9156af 433->443 434->448 444 9155ca-9155d7 call 915139 435->444 445 91564f-915651 435->445 436->445 441->433 442->436 443->404 444->448 450 915653-915658 445->450 451 91567f-91568b 445->451 448->441 455 915671-91567a call 90d208 450->455 456 91565a-91566c 450->456 453 915695-9156a7 451->453 454 91568d-915693 451->454 453->414 454->402 454->453 455->414 456->414
                                  APIs
                                  • WriteFile.KERNELBASE(?,00000000,00909087,?,00000000,00000000,00000000,?,00000000,?,0082A3EB,00909087,00000000,0082A3EB,?,?), ref: 00915621
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: dd78f63a743da65d45a9b42c0c684153be86ecc9eb907381c94395f2a6699426
                                  • Instruction ID: c19138889b656c6219cc453021a8c9beddbae786f0c9d7309c1cd4f83c2325e3
                                  • Opcode Fuzzy Hash: dd78f63a743da65d45a9b42c0c684153be86ecc9eb907381c94395f2a6699426
                                  • Instruction Fuzzy Hash: 9561C071A0450DEFDF11DFA8C844EEEBBBAAF89304F560545F804A7255D375D9818BA0

                                  Control-flow Graph

                                  control_flow_graph: entry block 53708da-53708e3 calls GetCurrentHwProfileW (basic-block edge list omitted)
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053708DC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793493063.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5370000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 46f32ddd14c7ea9b51ed817efec7fa42e497d2ee476b0bc3ca18a00266b2b21d
                                  • Instruction ID: ef0a801384029c5fb75abb70f87fcf1d44781bb53d567ffee10ed2da65a0f5de
                                  • Opcode Fuzzy Hash: 46f32ddd14c7ea9b51ed817efec7fa42e497d2ee476b0bc3ca18a00266b2b21d
                                  • Instruction Fuzzy Hash: C73193FB91D129BC727AC1826B58EFA562FE6C7730B318466F407E6901E2DC8F495831

                                  Control-flow Graph

                                  control_flow_graph: entry block 904942-90494f (basic-block edge list omitted)
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4f92d44a3a7ede6de46dc018fe1879ffab944e6e5bad8223685008d8fe62d8db
                                  • Instruction ID: ed4151cebf37bbe79d046e3cc0aa5af8e071712c32f95f0fcec31a3bfccfc2c2
                                  • Opcode Fuzzy Hash: 4f92d44a3a7ede6de46dc018fe1879ffab944e6e5bad8223685008d8fe62d8db
                                  • Instruction Fuzzy Hash: 4851C8B0B00208AFDF14CF58CC41AAA7FF5EF85354F248158F9599B292D3719E41CB90

                                  Control-flow Graph

                                  control_flow_graph: entry block 890560-89057f (basic-block edge list omitted)
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 008906AE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 318ca63d53af118050337d2617cc9b2857a3311d5737a2fcb3013cc935154a5b
                                  • Instruction ID: 2fa00ebbb7dd53aad817714b58385c3669ff9e206dad693277ab6f0125e1b8d8
                                  • Opcode Fuzzy Hash: 318ca63d53af118050337d2617cc9b2857a3311d5737a2fcb3013cc935154a5b
                                  • Instruction Fuzzy Hash: D241B572A002189FCF15EF68D98066E7BA5FF89350F190169F905EB346D730DD609BE1

                                  Control-flow Graph

                                  control_flow_graph: entry block 914b12-914b26; block 914b60-914b70 calls FindCloseChangeNotification (basic-block edge list omitted)
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,009149F9,00000000,CF830579,00951140,0000000C,00914AB5,00908BBD,?), ref: 00914B68
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: dd3d34d57f8e64c6562af08625267a3a6456b2dac0463c9606a78d90e7633ad1
                                  • Instruction ID: 2944997ff9bfaedb3cca72bf2becbd316103e8bcc25353670a13f2260aa24208
                                  • Opcode Fuzzy Hash: dd3d34d57f8e64c6562af08625267a3a6456b2dac0463c9606a78d90e7633ad1
                                  • Instruction Fuzzy Hash: 4911483379912C16C6252274A805BFE674E8BCB7B0F390209F9589B1C2EE20ECC15195

                                  Control-flow Graph

                                  control_flow_graph: entry block 90e05c-90e074; block 90e08a-90e0a0 calls SetFilePointerEx (basic-block edge list omitted)
                                  APIs
                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,00950DF8,0082A3EB,00000002,0082A3EB,00000000,?,?,?,0090E166,00000000,?,0082A3EB,00000002,00950DF8), ref: 0090E098
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FilePointer
                                  • String ID:
                                  • API String ID: 973152223-0
                                  • Opcode ID: 267d329ec78681079144963d500bf17173851120eebe6e2d0d0c01842e0f327a
                                  • Instruction ID: 1dd788fb488d2d31bb3ac25598b8ef2cb8cba5cb2caa5636f87e5dd204275cd8
                                  • Opcode Fuzzy Hash: 267d329ec78681079144963d500bf17173851120eebe6e2d0d0c01842e0f327a
                                  • Instruction Fuzzy Hash: 3301D632715519AFCF199F59CC05D9E3B2AEB81320B240648F8909B2D1E6B1ED419BD0

                                  Control-flow Graph

                                  control_flow_graph: entry block 8ff290-8ff293 (basic-block edge list omitted)
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0082220E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID:
                                  • API String ID: 2659868963-0
                                  • Opcode ID: b448e3f1b60b6ac830b5c34ba6028b353d57f5eb109befd4919fd57779b37bbe
                                  • Instruction ID: 9991453b10cfb8189a2ebb25696bf5c63ed8fd9f099b290a07d19ad3ded41bdb
                                  • Opcode Fuzzy Hash: b448e3f1b60b6ac830b5c34ba6028b353d57f5eb109befd4919fd57779b37bbe
                                  • Instruction Fuzzy Hash: AD01DB7550030DBBCB24EFA8E805AA977ECEE40314F508535FB18DB591E770E95487D5
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,009091F7,00000000,?,00915D79,00000001,00000364,00000000,00000006,000000FF,?,00000000,0090D244,009089C3,009091F7,00000000), ref: 00916434
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 3cb58cc641507b3dbcd8f22ad8e0061ba66ed379ae9aed543eb4213b65212f44
                                  • Instruction ID: cb5564566aa0562b7de6ff9b0f28ce0c4d2e5106ba5b705ae789e63c6ada640c
                                  • Opcode Fuzzy Hash: 3cb58cc641507b3dbcd8f22ad8e0061ba66ed379ae9aed543eb4213b65212f44
                                  • Instruction Fuzzy Hash: 4EF0E933F0522C66DB226F669C02BDB7B8C9F81770B258025F804A61E0CB30EC8186E1
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,0091D635,4D88C033,?,0091D635,00000220,?,009157EF,4D88C033), ref: 00916E60
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 65a871414a18aa0d32638df31daa27af74dfa04f9d1a8d6f1e2bb6ae63e57745
                                  • Instruction ID: de83743e7263a7225e6bd0eb292f9d3a525c9a1b449e9ad18217a2e230e2a19a
                                  • Opcode Fuzzy Hash: 65a871414a18aa0d32638df31daa27af74dfa04f9d1a8d6f1e2bb6ae63e57745
                                  • Instruction Fuzzy Hash: 62E0E539F0062D66EE3126A5DD007DB7A4CCF813B1F450721FC04921D0CB20C8A041E4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c974e7eab7329a72c40cc5b948d6464ce87c6a947ce7fdf50de69d3910f8360d
                                  • Instruction ID: 2dca85fde8ee5a848afb983999eba201f6129a33429b45c541bffd758a5c3fdf
                                  • Opcode Fuzzy Hash: c974e7eab7329a72c40cc5b948d6464ce87c6a947ce7fdf50de69d3910f8360d
                                  • Instruction Fuzzy Hash: 9811A2EF148310BEA11EE9916B5CAFA6B6FE9D6630330C426F547C9D02F2E60A4D5171
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: de8c3981790d8b57ad952beda665aeed8f869fedf448b7bcac81203ee0bed000
                                  • Instruction ID: 989178510376c3cd721da4e58f7b93ba79eca984378ad0e2f2cc27acb03e7d0c
                                  • Opcode Fuzzy Hash: de8c3981790d8b57ad952beda665aeed8f869fedf448b7bcac81203ee0bed000
                                  • Instruction Fuzzy Hash: 731190FF14C220BDB14EE9822B2CAFA6BAFE5D6730330C426F447D5D02E2950A4D2271
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7007103f2b9ddf2047db4d82bcd1137095cfcc88caf9259626ab5e935aa0d74c
                                  • Instruction ID: d38ffdc2dec2e983d4e77b6d35844077f5bca2f3c07ae5202858514164a2eada
                                  • Opcode Fuzzy Hash: 7007103f2b9ddf2047db4d82bcd1137095cfcc88caf9259626ab5e935aa0d74c
                                  • Instruction Fuzzy Hash: 551182FB14C310BEA10EE9816B28AF66BAFE5D6730330C426F447D5D02E2A50A4C5131
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2e0b8d7b717bc5a616e675bdbb61b506886af20049064d5bed4d9b178ca31354
                                  • Instruction ID: 4ac8c8380511b35278d6ac62deb360ee12b62abca35f9b8234726cc73d8d8f7b
                                  • Opcode Fuzzy Hash: 2e0b8d7b717bc5a616e675bdbb61b506886af20049064d5bed4d9b178ca31354
                                  • Instruction Fuzzy Hash: EE1182FF14C220BEA10EE5916B2DAF66BAFE6D6730730C522F507D6D42E2D50A4D2171
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2039cfeb9ff183c91b9d6be6681c1b07127596415cce77a0c8488e26792558ac
                                  • Instruction ID: 86efcf678a2b3a89348c7d7f4bea250d563e58a001ba7ff9de664342634470ef
                                  • Opcode Fuzzy Hash: 2039cfeb9ff183c91b9d6be6681c1b07127596415cce77a0c8488e26792558ac
                                  • Instruction Fuzzy Hash: 0A1170EF148220BD611EE4852B2CAF6AB6FE5D6731370C523F547D9D02E2D90A4D2171
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 03059091e33c1481cb72dfc40526d3ae180bb2c5535bec83eaa20f13d94fd79a
                                  • Instruction ID: 0a4a73fc002a5df6e50822096076e2e2cc951dfe8487e200b48a63dfeca6eac3
                                  • Opcode Fuzzy Hash: 03059091e33c1481cb72dfc40526d3ae180bb2c5535bec83eaa20f13d94fd79a
                                  • Instruction Fuzzy Hash: AB01A1FF148210BEA10AE5816B28AFAA76FE9D6730330C466F403DA902E2990A5C6131
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 818f7dbd7e9a91b785c3477bca7b8c0cd371315cf362d5780d045a9ebec296b5
                                  • Instruction ID: 446e0ab0976c83b251b05a4bc24632255a6e3aa9165da163cbf76549bbf9f063
                                  • Opcode Fuzzy Hash: 818f7dbd7e9a91b785c3477bca7b8c0cd371315cf362d5780d045a9ebec296b5
                                  • Instruction Fuzzy Hash: 680180FF24C220BDB10EE5812B2CAF6A7AFE5D6730370C426F547D9D02E2990A4D2171
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cd9532473d6ba0990de7341509ae060412018e6e9cb53f66e604df2e02072273
                                  • Instruction ID: 4fe08b9b8dfd3582b377d6dbbbf70c80fdbf4a05b1066df0ad23515a33a10252
                                  • Opcode Fuzzy Hash: cd9532473d6ba0990de7341509ae060412018e6e9cb53f66e604df2e02072273
                                  • Instruction Fuzzy Hash: 7FF0A7AF14C350EED14DE5512A3DAB6ABAFB5F33313758456F043C6901D149160C5231
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1921ebcb12c599e764f4f543e013255cbd7a80e1ce0ba5f6920dca6beb905cb3
                                  • Instruction ID: 75c59e45551ddbc77288c9e59bfd8315378a14a3f0ea281af79e5e2a622e280b
                                  • Opcode Fuzzy Hash: 1921ebcb12c599e764f4f543e013255cbd7a80e1ce0ba5f6920dca6beb905cb3
                                  • Instruction Fuzzy Hash: 7AE026AF24C204FD918DE492362DAF2ABAFB5B733237889B3F003C6E01E149120D5231
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 01e9822cd8beee8cd6b8c52aab03ae6f87ba31830ff490add69acb165c91b32b
                                  • Instruction ID: b827ddf28e248fb541cd8361ec1ed6ad09454e1f28b5731999d8f4cffe04e511
                                  • Opcode Fuzzy Hash: 01e9822cd8beee8cd6b8c52aab03ae6f87ba31830ff490add69acb165c91b32b
                                  • Instruction Fuzzy Hash: 9CD05BAF18C200EDA14CD9463B6C7B6679F75E73313744453F043D6C02D155520D6230
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5380000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0c08c11a93375e6ec8b91c6508d3a76469a22047eb2ff039dc6ca9963db54ee9
                                  • Instruction ID: 78c13e8d2bb75940e0e18cbfbb2937f1c391d309d335d136b478671f7bb832f6
                                  • Opcode Fuzzy Hash: 0c08c11a93375e6ec8b91c6508d3a76469a22047eb2ff039dc6ca9963db54ee9
                                  • Instruction Fuzzy Hash: 17D0A7BF1CD100AD904CD5823B3C7F2639F71E62313F04553F002C2C01D149424C6230
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $$%s|%s$,$,$.$.$131$:$arqt$er$irvl$type must be boolean, but is $v|
                                  • API String ID: 0-4208100968
                                  • Opcode ID: 578206756eca811c252251786ef75d77ba1c981445d1d8ea92149f0bd3561c31
                                  • Instruction ID: e4d075ca55ee21e70a227606ec5efb96f92f414945f9b3888492abfc0843dc4a
                                  • Opcode Fuzzy Hash: 578206756eca811c252251786ef75d77ba1c981445d1d8ea92149f0bd3561c31
                                  • Instruction Fuzzy Hash: BD23CEB0D002588FDB28DF68C858BEDBBB4FF45304F148199E549EB292DB359A84CF91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: File$bkg`$eHlW$l$lwcf$p$t
                                  • API String ID: 0-3184506882
                                  • Opcode ID: ab74e7aeef880218b44c255ff68a45ffa79f1493974a8f255d00cc7367ea0ed2
                                  • Instruction ID: a9082cbfb2599d1df0e500ee38a47f351a8ab27ad58e7d45e0910fd5d66f714f
                                  • Opcode Fuzzy Hash: ab74e7aeef880218b44c255ff68a45ffa79f1493974a8f255d00cc7367ea0ed2
                                  • Instruction Fuzzy Hash: E0C1AB70D0026DDEEF24DFA4DC85BAEBBB9FF05300F104069E504AB291DB759A85CB65
                                  Strings
                                  • unordered_map/set too long, xrefs: 008978C7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: unordered_map/set too long
                                  • API String ID: 0-306623848
                                  • Opcode ID: 2424e708a34aeb92e62ce9b05cc29c2bc14a481165b7aa1545af147c1b5b3c3e
                                  • Instruction ID: f03dd236b77ed01c2853194fe1fcce8bc504e360a179d7ec3e4370a8eb3530ec
                                  • Opcode Fuzzy Hash: 2424e708a34aeb92e62ce9b05cc29c2bc14a481165b7aa1545af147c1b5b3c3e
                                  • Instruction Fuzzy Hash: 08627175E046199FCF14DF6CC880AADBBB5FF48314F288269E819EB395D730A951CB90
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction ID: 1cb16778d09f6d46d22577d17ccb954614e9f92d13a90886295972188fa6037e
                                  • Opcode Fuzzy Hash: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction Fuzzy Hash: 6F023B71E012199FDF14CFA9C880AAEBBF5FF48314F258269D959E7381DB31A941CB90
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: /Kim$/Kim$type must be number, but is $type must be string, but is
                                  • API String ID: 0-1144537432
                                  • Opcode ID: 211e1785944c52f15c421e8191e8101b0a0b83b9af897e1ccf24473bf59cc0b1
                                  • Instruction ID: 28a0aadb013a7f053f87a720923255b38c369eb15abf781ded21cb0398894d7a
                                  • Opcode Fuzzy Hash: 211e1785944c52f15c421e8191e8101b0a0b83b9af897e1ccf24473bf59cc0b1
                                  • Instruction Fuzzy Hash: D5912671E006089FCB08DFACD8517DDBBA9FB89310F18826EE819D7395E7759905CB81
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: /$/\/$\
                                  • API String ID: 0-1523196992
                                  • Opcode ID: 58a7d90e07f2a5457cfee94fcbb97ba484412e910e2073bd193c74737c223ea1
                                  • Instruction ID: 8f508d619490df8ec0a854bf800027258e9a8f13c6bf6498c469455eff93ee18
                                  • Opcode Fuzzy Hash: 58a7d90e07f2a5457cfee94fcbb97ba484412e910e2073bd193c74737c223ea1
                                  • Instruction Fuzzy Hash: BB92E271D002688FDF18CFA8D8946EEBBB5FF45314F1442ADD485E7282E7315A86CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: `ic$eIcm$yNrw
                                  • API String ID: 0-2666854388
                                  • Opcode ID: ccb54c24709347082297d2ad8a3a405570c357ef0461f6f8b99f9511b9f6e896
                                  • Instruction ID: 0aea409bf0aee23af8ca989e13eb9ae44476a4912324e1c283965bbe96b1800b
                                  • Opcode Fuzzy Hash: ccb54c24709347082297d2ad8a3a405570c357ef0461f6f8b99f9511b9f6e896
                                  • Instruction Fuzzy Hash: 36816CB0C1834CAEEF04CFA4D8456AEFBB9EF56300F50809ED851AB651D379434ADBA5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 0
                                  • API String ID: 0-4108050209
                                  • Opcode ID: d9e87bd5bac8469a79b35ebc1e4003f3f1d3eb17d433c267cc7eecdecfc9df35
                                  • Instruction ID: 2ce7e7a0030af2ee530b4870a84530a6f9268bfb6fc673872b6e9c51801a415b
                                  • Opcode Fuzzy Hash: d9e87bd5bac8469a79b35ebc1e4003f3f1d3eb17d433c267cc7eecdecfc9df35
                                  • Instruction Fuzzy Hash: B1B1CDB490460ACFCB24DF68C880ABAB7B9EF45304F244B19D9A6A73D2C731AD45CF51
                                  APIs
                                  • GetSystemTimePreciseAsFileTime.KERNEL32(?,?,008FEC78,?,?,?,?,008340EB,?,00883C2E), ref: 008FF283
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                  • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Time$FilePreciseSystem
                                  • String ID:
                                  • API String ID: 1802150274-0
                                  • Opcode ID: 36fd75f2c3ed645aa63edee0bd3233869aa8113addd8e3dd8e1eaf4bdf60d50d
                                  • Instruction ID: b1fdeb5710f5a707034ea5cb5f0bdbe3bda14d89af73cc2057f29cf93149150a
                                  • Opcode Fuzzy Hash: 36fd75f2c3ed645aa63edee0bd3233869aa8113addd8e3dd8e1eaf4bdf60d50d
                                  • Instruction Fuzzy Hash: 81D0223269523C938A213BE0FC0487CBB28EE09B903500037FB05A3128CE615C02EBC4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a1ae7b508574a3d5998c6f9ac65963f0ae5284503311bef1a463a95e6b50748e
                                  • Instruction ID: 6ea58b5269740c2cc832bd7b757af7f25413262be3a6c0a19687eac3ab71e985
                                  • Opcode Fuzzy Hash: a1ae7b508574a3d5998c6f9ac65963f0ae5284503311bef1a463a95e6b50748e
                                  • Instruction Fuzzy Hash: F8627DB0E042149FEB18CF59C4846ADBBF1FF89308F2881A9D844EB746D775D946CB91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b7210c3f750f62daefed82840038d2983538e2b680b787b953231cf69c8d1c65
                                  • Instruction ID: 335f8a1e419279b1095caf7138ba7cd8d76dd942fbdc96ad40a62dee2f437b4c
                                  • Opcode Fuzzy Hash: b7210c3f750f62daefed82840038d2983538e2b680b787b953231cf69c8d1c65
                                  • Instruction Fuzzy Hash: EAB13A316106089FD719CF28C49ABA57BE4FF45364F29869CE8DACF2A1C335E995CB40
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d65315b4d7c15a12aad0d64093f20d80529934f81e7ad5e0f123a3e39d8dc833
                                  • Instruction ID: 17f45d3ef83a0bd9065d545595e98a340d604ffa4b8fc149cb3d77b1442b963c
                                  • Opcode Fuzzy Hash: d65315b4d7c15a12aad0d64093f20d80529934f81e7ad5e0f123a3e39d8dc833
                                  • Instruction Fuzzy Hash: 417112B5D04266AFDB14CF6DE9D07FEBBA4FB29304F000169D864D7382C724998AD7A0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 66ffa5d12fe2af512e27cc4d7db98cd51ee17c3dc8a6dec640178251cd814627
                                  • Instruction ID: c46164d6e4963b2c89ab10c07249d31e30493e61046547a552876193f2d4b834
                                  • Opcode Fuzzy Hash: 66ffa5d12fe2af512e27cc4d7db98cd51ee17c3dc8a6dec640178251cd814627
                                  • Instruction Fuzzy Hash: 506141716241644FD718CF5EECC05363361E78A31138A466AEBC1DB3A6C735E936EBA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 97c9f8bb78ff094fad92454162d51fefae7f69e3af9fdf4d1aa0b45e469af101
                                  • Instruction ID: a805c9f5c7d2bb30fac00edbb3c2e9b484307a04f6a4c9a774b7145dcfa781fd
                                  • Opcode Fuzzy Hash: 97c9f8bb78ff094fad92454162d51fefae7f69e3af9fdf4d1aa0b45e469af101
                                  • Instruction Fuzzy Hash: 6E518BB1E002099FCB18DF98D881AEEBBB5FB88310F14556DE419F7791D734AA44CBA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7dd8f519b587e55e38fcbfea5876b55f5623abdb7c83246d071a47343c68dad6
                                  • Instruction ID: c7d26572c7064273c72a173e31b22df020e1003ba4fd08f8e59b29b07d2ae8be
                                  • Opcode Fuzzy Hash: 7dd8f519b587e55e38fcbfea5876b55f5623abdb7c83246d071a47343c68dad6
                                  • Instruction Fuzzy Hash: 3751A9B26087049FE344AF29D88177ABBE4EF94320F1A492DE6C5C7710E6759880CB47
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 920c44e739ca4d08db5b5969fbc7a5a158caad0a814d8dad7807257cb044add9
                                  • Instruction ID: e0d2329906fbeecf5e3c05d8949c0a64908976b4a4a42f9fcbff08d8057eac27
                                  • Opcode Fuzzy Hash: 920c44e739ca4d08db5b5969fbc7a5a158caad0a814d8dad7807257cb044add9
                                  • Instruction Fuzzy Hash: 1E519F72E00219EFDF04CF98CD41AEEBBB6FF88310F198458E915AB241D734AA50DB90
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3793493063.0000000005370000.00000040.00001000.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5370000_LisectAVT_2403002A_185.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8bb8eb7f85e1975caa19789d39cf180ef34c8d150c255d707200f5b4c6c3da7c
                                  • Instruction ID: 98f9df3448ce53e934455a3f444703c5611389d64e44243e9beeacb1a140aed7
                                  • Opcode Fuzzy Hash: 8bb8eb7f85e1975caa19789d39cf180ef34c8d150c255d707200f5b4c6c3da7c
                                  • Instruction Fuzzy Hash: AC112AFB648114BE712AC9826F18EFB6B6EE5C2730331C83BF802D5406E2DA4E1E5571
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                  • Instruction ID: 7993fe6aee78253ec48f08b58d6fb7600d5dac66821af4ae4997b30b9ad24fca
                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                  • Instruction Fuzzy Hash: BA113DB72404824FD6148B3DD8BC6B7E39DEBD532473C437AD0414B7D8E222DD45A900
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0088F833
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0088F855
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0088F875
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0088F89F
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0088F90D
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0088F959
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0088F973
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0088FA08
                                  • std::_Facet_Register.LIBCPMT ref: 0088FA15
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                  • String ID: bad locale name$Ps
                                  • API String ID: 3375549084-1174896957
                                  • Opcode ID: bc9896f9729a7d3cb1b4e20c9f1a47beea2a6287e1bb212cbf4396e2fef81350
                                  • Instruction ID: 1dd7bd496a57975ced32f5772ef91bd125f92a724af023c7be269783a74e65b8
                                  • Opcode Fuzzy Hash: bc9896f9729a7d3cb1b4e20c9f1a47beea2a6287e1bb212cbf4396e2fef81350
                                  • Instruction Fuzzy Hash: A6617EB1D003089FDB10EFA8D845B9EBBB4FF54314F144068EA05EB392D774A905CB92
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00823A58
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00823AA4
                                  • __Getctype.LIBCPMT ref: 00823ABA
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00823AE6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00823B7B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                  • String ID: bad locale name
                                  • API String ID: 1840309910-1405518554
                                  • Opcode ID: ba050e7c8ffe4c7969d86e7e01da2baf7313a2a3b7c346d2ee10f5527f89e9e6
                                  • Instruction ID: 73c7fcd647d4ac088fddf29b0b475472895fca5190659a8e8f38785a42e6d740
                                  • Opcode Fuzzy Hash: ba050e7c8ffe4c7969d86e7e01da2baf7313a2a3b7c346d2ee10f5527f89e9e6
                                  • Instruction Fuzzy Hash: F9514FB1D002589FDB10DFA8D855B9EBBB8FF14310F144069E909EB381E778DA44CB52
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 00902E47
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00902E4F
                                  • _ValidateLocalCookies.LIBCMT ref: 00902ED8
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00902F03
                                  • _ValidateLocalCookies.LIBCMT ref: 00902F58
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                   • Associated: 00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
                                   • Associated: 00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_820000_LisectAVT_2403002A_185.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: csm
                                  • API String ID: 1170836740-1018135373
                                  • Opcode ID: 963a87be952ff6cbb2f79de58c41717a9a8770d9bbc56bdfcbdb3cb51175a2e6
                                  • Instruction ID: 9f1cb9e2d7533ae3e66cd7361d7833f359100a6058a997f97a95bbb89bb2f890
                                  • Opcode Fuzzy Hash: 963a87be952ff6cbb2f79de58c41717a9a8770d9bbc56bdfcbdb3cb51175a2e6
                                  • Instruction Fuzzy Hash: 9E41D630A00209AFCF10DF69C889B9EBBB9AF85364F148055F914AB3D2D731EE55CB91
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0088DE93
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0088DEB6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0088DED6
                                  • std::_Facet_Register.LIBCPMT ref: 0088DF4B
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0088DF63
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0088DF7B
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                  • String ID:
                                  • API String ID: 2081738530-0
                                  • Opcode ID: 6de0c60faac39e2e0e4804ed26b95e90ae7937739054d52fb44d4ac008c9fb53
                                  • Instruction ID: faebb911eda54fad13d18c62cb9f57f738a5dcc0315964746b2766103e7b689b
                                  • Opcode Fuzzy Hash: 6de0c60faac39e2e0e4804ed26b95e90ae7937739054d52fb44d4ac008c9fb53
                                  • Instruction Fuzzy Hash: DF41E371914319DFCB14EF68E881A6EBBB4FB44710F144269EA15DB392DB30AD40DBD2
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00824F72
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00824FFF
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 008250C8
                                  Strings
                                  • recursive_directory_iterator::operator++, xrefs: 0082504C
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy$___std_exception_copy
                                  • String ID: recursive_directory_iterator::operator++
                                  • API String ID: 1206660477-953255998
                                  • Opcode ID: 31e958e778bb3de149da70519951176a8ac2279809dea8086f584bde272f1256
                                  • Instruction ID: df58656f6e14884db9fb0e76ae3fdf69b555b956603d9b7f41c3937d4cf921f5
                                  • Opcode Fuzzy Hash: 31e958e778bb3de149da70519951176a8ac2279809dea8086f584bde272f1256
                                  • Instruction Fuzzy Hash: 00E124B19002189FDB28DF68E845BAEB7F9FF48710F104A2DE456D3781D774A944CBA1
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0082799A
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00827B75
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: out_of_range$type_error
                                  • API String ID: 2659868963-3702451861
                                  • Opcode ID: d0340af595995d7715775b6d668206638273ad9d7037d19cd473f64a7828569e
                                  • Instruction ID: c40f972e4316db8b27128200634c053d072d326ea3fd6cf6d005c21b9f3d2c7d
                                  • Opcode Fuzzy Hash: d0340af595995d7715775b6d668206638273ad9d7037d19cd473f64a7828569e
                                  • Instruction Fuzzy Hash: BAC168B19002188FDB18CFA8E884B9DFBF1FF49310F148669E419EB782E7749980CB51
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 008275BE
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 008275CD
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: at line $, column
                                  • API String ID: 4194217158-191570568
                                  • Opcode ID: c8fe82fc7642b32c6505416c8b5f64d8ab34f84a8d7a10af89e9cefd6d9449b0
                                  • Instruction ID: ab76ba87a1cb985fe024681e897a262958fe463f90f49195f5722c2c8317afe4
                                  • Opcode Fuzzy Hash: c8fe82fc7642b32c6505416c8b5f64d8ab34f84a8d7a10af89e9cefd6d9449b0
                                  • Instruction Fuzzy Hash: D261D571A042199FDB08DF68ED85BADBBB6FF44300F14462CF415E7781D774A9808B91
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00823E7F
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-1866435925
                                  • Opcode ID: 98ec5e7b561632f935e82db2c5be213114363f3b3b204327d02911b27a3d6dfa
                                  • Instruction ID: 7acd1e9e59eb6d2df6f6575b99ed93eb761df758d9d6853898f44a7b8851a05c
                                  • Opcode Fuzzy Hash: 98ec5e7b561632f935e82db2c5be213114363f3b3b204327d02911b27a3d6dfa
                                  • Instruction Fuzzy Hash: A04118B6900218AFCB14DF68D851BAEB7F8FF48710F14852AF915E7741E774AA44CBA0
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00823E7F
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-1866435925
                                  • Opcode ID: 1a99757ca03cca9004d02f39cb1b13847ea9119838f59663ed34f5feea196d35
                                  • Instruction ID: af6f6ee9a34dfb8bc998d887e1543869283379ae5adb0786bbcb52b74a884787
                                  • Opcode Fuzzy Hash: 1a99757ca03cca9004d02f39cb1b13847ea9119838f59663ed34f5feea196d35
                                  • Instruction Fuzzy Hash: A52105B69003146FC724DF58E815F96B7E8FB44710F08883AFA68DB681E774EA548B91
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00827340
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: parse error$parse_error
                                  • API String ID: 2659868963-1820534363
                                  • Opcode ID: f7aae4d59cbe30c13bc3a668190816dae1814182d6fbba64ac0f623f677996b9
                                  • Instruction ID: 3fd0da0e472a642e86cdbb2eb1d80625da81908963d9b3cfc0ad9af9141cbc7f
                                  • Opcode Fuzzy Hash: f7aae4d59cbe30c13bc3a668190816dae1814182d6fbba64ac0f623f677996b9
                                  • Instruction Fuzzy Hash: 4BE15C709042588FDB18CF68D885B9DBBB2FF49300F248269E419EB792D7749A85CF91
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00826F11
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00826F20
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: [json.exception.
                                  • API String ID: 4194217158-791563284
                                  • Opcode ID: 70db6c524abbe37004ea6b73571639e92f4d73a04220048b68b6cc807e520f4e
                                  • Instruction ID: e8f8e94f06c288dd789b6591add7bbaf6c565d94a68142bee2ddf372e90d9a29
                                  • Opcode Fuzzy Hash: 70db6c524abbe37004ea6b73571639e92f4d73a04220048b68b6cc807e520f4e
                                  • Instruction Fuzzy Hash: C091E674A002189FDB18CF68D984B9EBBF6FF44300F20866DE415EB792E771A981CB51
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0089E491
                                  Strings
                                  • type must be boolean, but is , xrefs: 0089E582
                                  • type must be string, but is , xrefs: 0089E4F8
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID: type must be boolean, but is $type must be string, but is
                                  • API String ID: 118556049-436076039
                                  • Opcode ID: b87660aedd89df386f7df4b3d2238ae95f2aff1a0dd2d714b90b0af6e043ce50
                                  • Instruction ID: 026e7c126ca123b92cf5b1680ae623fff35af81df359ee8bd4c2a84a49488487
                                  • Opcode Fuzzy Hash: b87660aedd89df386f7df4b3d2238ae95f2aff1a0dd2d714b90b0af6e043ce50
                                  • Instruction Fuzzy Hash: 55412DB1900248AFDB14FBA8E842B9E7BA8FB40310F144675F515D7782EB35E944C797

                                  Execution Graph

                                  Execution Coverage: 2.9%
                                  Dynamic/Decrypted Code Coverage: 1.1%
                                  Signature Coverage: 0%
                                  Total number of Nodes: 625
                                  Total number of Limit Nodes: 64
__freea RtlAllocateHeap 18284->18287 18285->18284 18288 30e65d 18286->18288 18289 306db3 __freea RtlAllocateHeap 18286->18289 18287->18286 18290 30e66f 18288->18290 18291 306db3 __freea RtlAllocateHeap 18288->18291 18289->18288 18292 30e681 18290->18292 18293 306db3 __freea RtlAllocateHeap 18290->18293 18291->18290 18294 30e693 18292->18294 18295 306db3 __freea RtlAllocateHeap 18292->18295 18293->18292 18296 306db3 __freea RtlAllocateHeap 18294->18296 18294->18297 18295->18294 18296->18297 18297->18250 18299 30ea6f 18298->18299 18300 30ea17 18298->18300 18299->18269 18301 30ea27 18300->18301 18302 306db3 __freea RtlAllocateHeap 18300->18302 18303 30ea39 18301->18303 18305 306db3 __freea RtlAllocateHeap 18301->18305 18302->18301 18304 30ea4b 18303->18304 18306 306db3 __freea RtlAllocateHeap 18303->18306 18307 30ea5d 18304->18307 18308 306db3 __freea RtlAllocateHeap 18304->18308 18305->18303 18306->18304 18307->18299 18309 306db3 __freea RtlAllocateHeap 18307->18309 18308->18307 18309->18299 18311 30f425 18310->18311 18312 30f444 18310->18312 18311->18312 18313 30ef31 __Getctype RtlAllocateHeap 18311->18313 18312->18253 18314 30f43e 18313->18314 18315 306db3 __freea RtlAllocateHeap 18314->18315 18315->18312 18317 2f46fe __fread_nolock 18316->18317 18322 2f4723 18317->18322 18319 2f4716 18329 2f44dc 18319->18329 18323 2f473a __fread_nolock __Getctype 18322->18323 18324 2f4733 18322->18324 18326 2f4748 18323->18326 18327 2f46ec __fread_nolock RtlAllocateHeap 18323->18327 18335 2f4541 18324->18335 18326->18319 18328 2f47ac 18327->18328 18328->18319 18330 2f44e8 18329->18330 18331 2f44ff 18330->18331 18350 2f4587 18330->18350 18333 2f4512 18331->18333 18334 2f4587 __fread_nolock RtlAllocateHeap 18331->18334 18333->18199 18334->18333 18336 2f4550 18335->18336 18339 305ddd 18336->18339 18340 305df0 __dosmaperr 18339->18340 18341 2f4572 18340->18341 18342 3063f3 __dosmaperr RtlAllocateHeap 18340->18342 18341->18323 18343 305e20 __dosmaperr 18342->18343 18344 305e5c 
18343->18344 18345 305e28 __dosmaperr 18343->18345 18346 305a09 __dosmaperr RtlAllocateHeap 18344->18346 18347 306db3 __freea RtlAllocateHeap 18345->18347 18348 305e67 18346->18348 18347->18341 18349 306db3 __freea RtlAllocateHeap 18348->18349 18349->18341 18351 2f459a 18350->18351 18352 2f4591 18350->18352 18351->18331 18353 2f4541 __fread_nolock RtlAllocateHeap 18352->18353 18354 2f4596 18353->18354 18354->18351 18357 300259 18354->18357 18358 30025e std::locale::_Setgloballocale 18357->18358 18362 300269 std::locale::_Setgloballocale 18358->18362 18363 30c7c6 18358->18363 18384 2ff224 18362->18384 18367 30c7d2 __fread_nolock 18363->18367 18364 305d2c __dosmaperr RtlAllocateHeap 18371 30c803 std::locale::_Setgloballocale 18364->18371 18365 30c822 18366 2fd23f __dosmaperr RtlAllocateHeap 18365->18366 18369 30c827 18366->18369 18367->18364 18367->18365 18367->18371 18372 30c834 std::_Lockit::_Lockit std::locale::_Setgloballocale 18367->18372 18368 30c80c 18368->18362 18370 2f47a0 __fread_nolock RtlAllocateHeap 18369->18370 18370->18368 18371->18365 18371->18368 18371->18372 18373 30c9a4 std::_Lockit::~_Lockit 18372->18373 18374 30c8a7 18372->18374 18376 30c8d5 std::locale::_Setgloballocale 18372->18376 18375 2ff224 std::locale::_Setgloballocale RtlAllocateHeap 18373->18375 18374->18376 18387 305bdb 18374->18387 18377 30c9b7 18375->18377 18376->18368 18378 30c92a 18376->18378 18380 305bdb __Getctype RtlAllocateHeap 18376->18380 18378->18368 18383 305bdb __Getctype RtlAllocateHeap 18378->18383 18380->18378 18382 305bdb __Getctype RtlAllocateHeap 18382->18376 18383->18368 18401 2ff094 18384->18401 18386 2ff235 18388 305be4 __dosmaperr 18387->18388 18389 3063f3 __dosmaperr RtlAllocateHeap 18388->18389 18390 305bfb 18388->18390 18393 305c28 __dosmaperr 18389->18393 18391 305c8b 18390->18391 18392 300259 __Getctype RtlAllocateHeap 18390->18392 18391->18382 18395 305c95 18392->18395 18394 305c68 18393->18394 18396 305c30 __dosmaperr 18393->18396 18398 305a09 __dosmaperr 
RtlAllocateHeap 18394->18398 18397 306db3 __freea RtlAllocateHeap 18396->18397 18397->18390 18399 305c73 18398->18399 18400 306db3 __freea RtlAllocateHeap 18399->18400 18400->18390 18402 2ff0c1 std::locale::_Setgloballocale 18401->18402 18403 2fef23 std::locale::_Setgloballocale RtlAllocateHeap 18402->18403 18404 2ff10a std::locale::_Setgloballocale 18403->18404 18404->18386 18419 2ed6e9 18405->18419 18416 2121de Concurrency::cancel_current_task std::_Xinvalid_argument 18415->18416 18417 2f0651 ___std_exception_copy RtlAllocateHeap 18416->18417 18418 212213 18417->18418 18418->18147 18422 2ed4af 18419->18422 18421 2ed6fa std::_Xinvalid_argument 18425 213010 18422->18425 18426 2f0651 ___std_exception_copy RtlAllocateHeap 18425->18426 18427 21303d 18426->18427 18427->18421 18431 2f52ac __fread_nolock 18428->18431 18429 2f52b3 18430 2fd23f __dosmaperr RtlAllocateHeap 18429->18430 18432 2f52b8 18430->18432 18431->18429 18433 2f52d3 18431->18433 18434 2f47a0 __fread_nolock RtlAllocateHeap 18432->18434 18435 2f52d8 18433->18435 18436 2f52e5 18433->18436 18441 2f52c3 18434->18441 18438 2fd23f __dosmaperr RtlAllocateHeap 18435->18438 18442 306688 18436->18442 18438->18441 18439 2f52ee 18440 2fd23f __dosmaperr RtlAllocateHeap 18439->18440 18439->18441 18440->18441 18441->18157 18443 306694 __fread_nolock std::_Lockit::_Lockit 18442->18443 18446 30672c 18443->18446 18445 3066af 18445->18439 18451 30674f __fread_nolock 18446->18451 18447 3063f3 __dosmaperr RtlAllocateHeap 18448 3067b0 18447->18448 18449 306db3 __freea RtlAllocateHeap 18448->18449 18450 306795 __fread_nolock 18449->18450 18450->18445 18451->18447 18451->18450 18454 2f8e99 __fread_nolock 18452->18454 18453 2f8e9f 18455 2f4723 __fread_nolock RtlAllocateHeap 18453->18455 18454->18453 18457 2f8ee2 __fread_nolock 18454->18457 18456 2f8eba 18455->18456 18456->18161 18459 2f9010 18457->18459 18460 2f9036 18459->18460 18461 2f9023 18459->18461 18468 2f8f37 18460->18468 18461->18456 18463 2f90e7 18463->18456 18464 
2f9059 18464->18463 18472 2f55d3 18464->18472 18469 2f8fa0 18468->18469 18470 2f8f48 18468->18470 18469->18464 18470->18469 18481 2fe13d 18470->18481 18473 2f55ec 18472->18473 18477 2f5613 18472->18477 18473->18477 18508 305f82 18473->18508 18475 2f5608 18515 30538b 18475->18515 18478 2fe17d 18477->18478 18479 2fe05c __fread_nolock 2 API calls 18478->18479 18480 2fe196 18479->18480 18480->18463 18482 2fe151 __fread_nolock 18481->18482 18487 2fe05c 18482->18487 18484 2fe166 18485 2f44dc __fread_nolock RtlAllocateHeap 18484->18485 18486 2fe175 18485->18486 18486->18469 18492 30a6de 18487->18492 18489 2fe06e 18490 2fe08a SetFilePointerEx 18489->18490 18491 2fe076 __fread_nolock 18489->18491 18490->18491 18491->18484 18493 30a700 18492->18493 18494 30a6eb 18492->18494 18497 2fd22c __dosmaperr RtlAllocateHeap 18493->18497 18499 30a725 18493->18499 18505 2fd22c 18494->18505 18500 30a730 18497->18500 18498 2fd23f __dosmaperr RtlAllocateHeap 18502 30a6f8 18498->18502 18499->18489 18501 2fd23f __dosmaperr RtlAllocateHeap 18500->18501 18503 30a738 18501->18503 18502->18489 18504 2f47a0 __fread_nolock RtlAllocateHeap 18503->18504 18504->18502 18506 305d2c __dosmaperr RtlAllocateHeap 18505->18506 18507 2fd231 18506->18507 18507->18498 18509 305fa3 18508->18509 18510 305f8e 18508->18510 18509->18475 18511 2fd23f __dosmaperr RtlAllocateHeap 18510->18511 18512 305f93 18511->18512 18513 2f47a0 __fread_nolock RtlAllocateHeap 18512->18513 18514 305f9e 18513->18514 18514->18475 18516 305397 __fread_nolock 18515->18516 18517 3053d8 18516->18517 18519 30541e 18516->18519 18521 30539f 18516->18521 18518 2f4723 __fread_nolock RtlAllocateHeap 18517->18518 18518->18521 18519->18521 18522 30549c 18519->18522 18521->18477 18523 3054c4 18522->18523 18535 3054e7 __fread_nolock 18522->18535 18524 3054c8 18523->18524 18526 305523 18523->18526 18525 2f4723 __fread_nolock RtlAllocateHeap 18524->18525 18525->18535 18527 305541 18526->18527 18528 2fe17d 2 API calls 18526->18528 18536 304fe1 
18527->18536 18528->18527 18531 3055a0 18533 305609 WriteFile 18531->18533 18531->18535 18532 305559 18532->18535 18541 304bb2 18532->18541 18533->18535 18535->18521 18547 310d44 18536->18547 18538 304ff3 18539 305021 18538->18539 18556 2f9d10 18538->18556 18539->18531 18539->18532 18542 304c1a 18541->18542 18543 2f9d10 std::_Locinfo::_Locinfo_dtor 2 API calls 18542->18543 18546 304c2b std::_Locinfo::_Locinfo_dtor std::_Locinfo::_Locinfo_ctor 18542->18546 18543->18546 18544 3084be RtlAllocateHeap RtlAllocateHeap 18544->18546 18545 304ee1 _ValidateLocalCookies 18545->18535 18545->18545 18546->18544 18546->18545 18548 310d51 18547->18548 18549 310d5e 18547->18549 18550 2fd23f __dosmaperr RtlAllocateHeap 18548->18550 18552 310d6a 18549->18552 18553 2fd23f __dosmaperr RtlAllocateHeap 18549->18553 18551 310d56 18550->18551 18551->18538 18552->18538 18554 310d8b 18553->18554 18555 2f47a0 __fread_nolock RtlAllocateHeap 18554->18555 18555->18551 18557 2f4587 __fread_nolock RtlAllocateHeap 18556->18557 18558 2f9d20 18557->18558 18563 305ef3 18558->18563 18564 2f9d3d 18563->18564 18565 305f0a 18563->18565 18567 305f51 18564->18567 18565->18564 18571 30f4f3 18565->18571 18568 305f68 18567->18568 18570 2f9d4a 18567->18570 18568->18570 18580 30d81e 18568->18580 18570->18539 18572 30f4ff __fread_nolock 18571->18572 18573 305bdb __Getctype RtlAllocateHeap 18572->18573 18575 30f508 std::_Lockit::_Lockit 18573->18575 18574 30f54e 18574->18564 18575->18574 18576 30f574 __Getctype RtlAllocateHeap 18575->18576 18577 30f537 __Getctype 18576->18577 18577->18574 18578 300259 __Getctype RtlAllocateHeap 18577->18578 18579 30f573 18578->18579 18581 305bdb __Getctype RtlAllocateHeap 18580->18581 18582 30d823 18581->18582 18583 30d736 std::_Locinfo::_Locinfo_dtor RtlAllocateHeap RtlAllocateHeap 18582->18583 18584 30d82e 18583->18584 18584->18570 18586 2f480d __fread_nolock 18585->18586 18587 2f4835 __fread_nolock 18586->18587 18588 2f4814 18586->18588 18592 2f4910 18587->18592 18589 2f4723 
__fread_nolock RtlAllocateHeap 18588->18589 18590 2f482d 18589->18590 18590->18167 18595 2f4942 18592->18595 18594 2f4922 18594->18590 18596 2f4979 18595->18596 18597 2f4951 18595->18597 18599 305f82 __fread_nolock RtlAllocateHeap 18596->18599 18598 2f4723 __fread_nolock RtlAllocateHeap 18597->18598 18607 2f496c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18598->18607 18600 2f4982 18599->18600 18608 2fe11f 18600->18608 18603 2f4a2c 18611 2f4cae 18603->18611 18605 2f4a43 18605->18607 18619 2f4ae3 18605->18619 18607->18594 18626 2fdf37 18608->18626 18610 2f49a0 18610->18603 18610->18605 18610->18607 18612 2f4cbd 18611->18612 18613 305f82 __fread_nolock RtlAllocateHeap 18612->18613 18614 2f4cd9 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18613->18614 18615 2fe11f 2 API calls 18614->18615 18618 2f4ce5 _ValidateLocalCookies 18614->18618 18616 2f4d39 18615->18616 18617 2fe11f 2 API calls 18616->18617 18616->18618 18617->18618 18618->18607 18620 305f82 __fread_nolock RtlAllocateHeap 18619->18620 18621 2f4af6 18620->18621 18622 2fe11f 2 API calls 18621->18622 18624 2f4b40 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18621->18624 18623 2f4b9d 18622->18623 18623->18624 18625 2fe11f 2 API calls 18623->18625 18624->18607 18625->18624 18628 2fdf43 __fread_nolock 18626->18628 18627 2fdf4b 18627->18610 18628->18627 18629 2fdf86 18628->18629 18631 2fdfcc 18628->18631 18630 2f4723 __fread_nolock RtlAllocateHeap 18629->18630 18630->18627 18631->18627 18632 2fe05c __fread_nolock 2 API calls 18631->18632 18632->18627 18634 2806a9 18633->18634 18637 280585 18633->18637 18635 212270 RtlAllocateHeap 18634->18635 18636 2806ae 18635->18636 18638 2121d0 Concurrency::cancel_current_task RtlAllocateHeap 18636->18638 18639 2805f0 18637->18639 18640 2805e3 18637->18640 18642 28059a 18637->18642 18647 2805aa __fread_nolock std::_Locinfo::_Locinfo_ctor 18638->18647 18644 2ef290 std::_Facet_Register RtlAllocateHeap 18639->18644 18639->18647 18640->18636 18640->18642 18641 2ef290 
std::_Facet_Register RtlAllocateHeap 18641->18647 18642->18641 18643 2f47b0 RtlAllocateHeap 18645 2806b8 18643->18645 18644->18647 18646 280667 __fread_nolock std::_Locinfo::_Locinfo_ctor 18646->18174 18647->18643 18647->18646 18650 2fdc08 __fread_nolock 18648->18650 18649 2fdc40 __fread_nolock 18649->18177 18650->18649 18652 2fdc52 __fread_nolock 18650->18652 18653 2fdc1b __fread_nolock 18650->18653 18651 2fd23f __dosmaperr RtlAllocateHeap 18654 2fdc35 18651->18654 18657 2fda06 18652->18657 18653->18651 18656 2f47a0 __fread_nolock RtlAllocateHeap 18654->18656 18656->18649 18658 2fda35 18657->18658 18662 2fda18 __fread_nolock 18657->18662 18658->18649 18659 2fda25 18660 2fd23f __dosmaperr RtlAllocateHeap 18659->18660 18661 2fda2a 18660->18661 18663 2f47a0 __fread_nolock RtlAllocateHeap 18661->18663 18662->18658 18662->18659 18664 2fda76 __fread_nolock 18662->18664 18663->18658 18664->18658 18665 2fdba1 __fread_nolock 18664->18665 18667 305f82 __fread_nolock RtlAllocateHeap 18664->18667 18670 304623 18664->18670 18729 2f8a2b 18664->18729 18668 2fd23f __dosmaperr RtlAllocateHeap 18665->18668 18667->18664 18668->18661 18671 304635 18670->18671 18672 30464d 18670->18672 18673 2fd22c __dosmaperr RtlAllocateHeap 18671->18673 18674 30498f 18672->18674 18679 304690 18672->18679 18676 30463a 18673->18676 18675 2fd22c __dosmaperr RtlAllocateHeap 18674->18675 18677 304994 18675->18677 18678 2fd23f __dosmaperr RtlAllocateHeap 18676->18678 18680 2fd23f __dosmaperr RtlAllocateHeap 18677->18680 18681 304642 18678->18681 18679->18681 18682 30469b 18679->18682 18689 3046cb 18679->18689 18683 3046a8 18680->18683 18681->18664 18684 2fd22c __dosmaperr RtlAllocateHeap 18682->18684 18687 2f47a0 __fread_nolock RtlAllocateHeap 18683->18687 18685 3046a0 18684->18685 18686 2fd23f __dosmaperr RtlAllocateHeap 18685->18686 18686->18683 18687->18681 18688 3046e4 18690 3046f1 18688->18690 18695 30470d 18688->18695 18689->18688 18689->18690 18691 30471f 18689->18691 18692 2fd22c __dosmaperr 
RtlAllocateHeap 18690->18692 18743 306e2d 18691->18743 18694 3046f6 18692->18694 18697 2fd23f __dosmaperr RtlAllocateHeap 18694->18697 18698 310d44 __fread_nolock RtlAllocateHeap 18695->18698 18700 3046fd 18697->18700 18713 30486b 18698->18713 18699 306db3 __freea RtlAllocateHeap 18701 304739 18699->18701 18702 2f47a0 __fread_nolock RtlAllocateHeap 18700->18702 18704 306db3 __freea RtlAllocateHeap 18701->18704 18728 304708 __fread_nolock 18702->18728 18703 3048e3 ReadFile 18705 304957 18703->18705 18706 3048fb 18703->18706 18707 304740 18704->18707 18716 304964 18705->18716 18726 3048b5 18705->18726 18706->18705 18708 3048d4 18706->18708 18709 304765 18707->18709 18710 30474a 18707->18710 18719 304920 18708->18719 18720 304937 18708->18720 18708->18728 18712 2fe13d __fread_nolock 2 API calls 18709->18712 18714 2fd23f __dosmaperr RtlAllocateHeap 18710->18714 18711 306db3 __freea RtlAllocateHeap 18711->18681 18712->18695 18713->18703 18715 30489b 18713->18715 18717 30474f 18714->18717 18715->18708 18715->18726 18718 2fd23f __dosmaperr RtlAllocateHeap 18716->18718 18721 2fd22c __dosmaperr RtlAllocateHeap 18717->18721 18722 304969 18718->18722 18754 304335 18719->18754 18720->18728 18764 30417b 18720->18764 18721->18728 18727 2fd22c __dosmaperr RtlAllocateHeap 18722->18727 18726->18728 18749 2fd1e5 18726->18749 18727->18728 18728->18711 18730 2f8a3c 18729->18730 18734 2f8a38 std::_Locinfo::_Locinfo_ctor 18729->18734 18731 2f8a43 18730->18731 18736 2f8a56 __fread_nolock 18730->18736 18732 2fd23f __dosmaperr RtlAllocateHeap 18731->18732 18733 2f8a48 18732->18733 18735 2f47a0 __fread_nolock RtlAllocateHeap 18733->18735 18734->18664 18735->18734 18736->18734 18737 2f8a84 18736->18737 18739 2f8a8d 18736->18739 18738 2fd23f __dosmaperr RtlAllocateHeap 18737->18738 18740 2f8a89 18738->18740 18739->18734 18741 2fd23f __dosmaperr RtlAllocateHeap 18739->18741 18742 2f47a0 __fread_nolock RtlAllocateHeap 18740->18742 18741->18740 18742->18734 18744 306e6b 18743->18744 18745 306e3b 
__dosmaperr std::_Facet_Register 18743->18745 18746 2fd23f __dosmaperr RtlAllocateHeap 18744->18746 18745->18744 18747 306e56 RtlAllocateHeap 18745->18747 18748 304730 18746->18748 18747->18745 18747->18748 18748->18699 18750 2fd22c __dosmaperr RtlAllocateHeap 18749->18750 18751 2fd1f0 __dosmaperr 18750->18751 18752 2fd23f __dosmaperr RtlAllocateHeap 18751->18752 18753 2fd203 18752->18753 18753->18728 18768 30402e 18754->18768 18757 3043d7 18761 304391 __fread_nolock 18757->18761 18762 2fe13d __fread_nolock 2 API calls 18757->18762 18758 3043c7 18759 2fd23f __dosmaperr RtlAllocateHeap 18758->18759 18760 30437d 18759->18760 18760->18728 18761->18760 18763 2fd1e5 __dosmaperr RtlAllocateHeap 18761->18763 18762->18761 18763->18760 18765 3041b5 18764->18765 18766 304246 18765->18766 18767 2fe13d __fread_nolock 2 API calls 18765->18767 18766->18728 18767->18766 18769 304062 18768->18769 18770 3040ce 18769->18770 18771 2fe13d __fread_nolock 2 API calls 18769->18771 18770->18757 18770->18758 18770->18760 18770->18761 18771->18770 18773 2f8acf __fread_nolock 18772->18773 18774 2f8ad9 18773->18774 18777 2f8afc __fread_nolock 18773->18777 18775 2f4723 __fread_nolock RtlAllocateHeap 18774->18775 18776 2f8af4 18775->18776 18776->18181 18777->18776 18779 2f8b5a 18777->18779 18780 2f8b8a 18779->18780 18781 2f8b67 18779->18781 18783 2f55d3 4 API calls 18780->18783 18784 2f8b82 18780->18784 18782 2f4723 __fread_nolock RtlAllocateHeap 18781->18782 18782->18784 18785 2f8ba2 18783->18785 18784->18776 18793 306ded 18785->18793 18788 305f82 __fread_nolock RtlAllocateHeap 18789 2f8bb6 18788->18789 18797 304a3f 18789->18797 18792 306db3 __freea RtlAllocateHeap 18792->18784 18794 306e04 18793->18794 18796 2f8baa 18793->18796 18795 306db3 __freea RtlAllocateHeap 18794->18795 18794->18796 18795->18796 18796->18788 18798 304a68 18797->18798 18799 2f8bbd 18797->18799 18800 304ab7 18798->18800 18802 304a8f 18798->18802 18799->18784 18799->18792 18801 2f4723 __fread_nolock RtlAllocateHeap 
18800->18801 18801->18799 18804 3049ae 18802->18804 18805 3049ba __fread_nolock 18804->18805 18807 3049f9 18805->18807 18808 304b12 18805->18808 18807->18799 18809 30a6de __fread_nolock RtlAllocateHeap 18808->18809 18810 304b22 18809->18810 18812 304b5a 18810->18812 18813 30a6de __fread_nolock RtlAllocateHeap 18810->18813 18818 304b28 18810->18818 18814 30a6de __fread_nolock RtlAllocateHeap 18812->18814 18812->18818 18815 304b51 18813->18815 18816 304b66 FindCloseChangeNotification 18814->18816 18817 30a6de __fread_nolock RtlAllocateHeap 18815->18817 18816->18818 18817->18812 18820 30a64d 18818->18820 18819 304b80 __fread_nolock 18819->18807 18823 30a65c 18820->18823 18821 2fd23f __dosmaperr RtlAllocateHeap 18822 30a6c8 18821->18822 18824 2fd22c __dosmaperr RtlAllocateHeap 18822->18824 18823->18821 18825 30a686 18823->18825 18824->18825 18825->18819 19901 4c20000 19902 4c20005 19901->19902 19903 4c20340 GetCurrentHwProfileW 19902->19903 19904 4c20355 19903->19904 20115 4c20184 20116 4c2018e GetCurrentHwProfileW 20115->20116 20118 4c20355 20116->20118 18832 273a40 18833 273a55 18832->18833 18834 273b28 GetPEB 18833->18834 18835 273a73 GetPEB 18833->18835 18836 273b9d Sleep 18833->18836 18837 273ae8 Sleep 18833->18837 18838 273bc7 18833->18838 18834->18833 18835->18833 18836->18833 18837->18833

                                  Control-flow Graph

control_flow_graph 273a40-273bfd: two loops that read the PEB (GetPEB at 273a73 and 273b28) and call Sleep (273ae8 and 273b9d), exiting through calls to 216bd0 at 273bc7 and 273be0.
                                  APIs
                                  • Sleep.KERNELBASE(000003E9,?,00000001,00000000,?,?,?,?,?,?,?,?,00273DB6), ref: 00273B08
                                  • Sleep.KERNELBASE(00000001,?,00000001,00000000,?,?,?,?,?,?,?,?,00273DB6), ref: 00273BBA
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: 577013c1b45769c3bd243829062153bc30c053a75f107bf121df6bd722f681f9
                                  • Instruction ID: ccef5a1183d406ddc9d65a6936c49d63e6675bb59a9a024e23dcb50d174be6fa
                                  • Opcode Fuzzy Hash: 577013c1b45769c3bd243829062153bc30c053a75f107bf121df6bd722f681f9
                                  • Instruction Fuzzy Hash: 8F51B835A1421ACFCB24CF58C8D1EAAB3B5FF48708F29859AD449AB351D731EE15DB80

                                  Control-flow Graph

control_flow_graph 22e0a0-22e1d9: WSAStartup at entry, two calls to 216bd0, then a socket (22e175) / connect (22e18b) loop that calls closesocket (22e19d) and retries on failure.
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startupclosesocketconnectsocket
                                  • String ID:
                                  • API String ID: 3098855095-0
                                  • Opcode ID: 8440f7d8ae3c828e4a1313edbb41495a8ca2c513016897ab2267171121762ab5
                                  • Instruction ID: 2daaac0b151821fcbc2475f8b0021e972ee119ab34630aa12f62103fef22f6f6
                                  • Opcode Fuzzy Hash: 8440f7d8ae3c828e4a1313edbb41495a8ca2c513016897ab2267171121762ab5
                                  • Instruction Fuzzy Hash: F831D2715043116BDB209F68DC4976BB7E4EF85738F025F2DF8A8A62D0D3319C249BA2

                                  Control-flow Graph

control_flow_graph 2ef290-2ef2bb: calls 2fdf2c and 3017d8, with one path through 2121d0-212220 (calls 2121b0, 2f0efb and 2f0651) and a self-loop at 2ef2bb.
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021220E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: 4c3baa47f2fc7ac8229b19121d48aeb457c3582fa999572f82e77655b378a937
                                  • Instruction ID: 5797e7a1145d7205acbe704b388a24ee9ef47f069e0dd1505d19624fb95200fa
                                  • Opcode Fuzzy Hash: 4c3baa47f2fc7ac8229b19121d48aeb457c3582fa999572f82e77655b378a937
                                  • Instruction Fuzzy Hash: DF012B3941030DABCB18EFA9E8019A9B7ECDA00360B404439FF1CDB691E770E9B48BD1

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: P
                                  • API String ID: 0-3110715001
                                  • Opcode ID: 046fd0d9ecb231f99dcdfb799274adf3000e249aeb505cf24f41a70b6a48d2dc
                                  • Instruction ID: 38942e17965b364f2c494f4d80377b0435d112bc8d518689ef86b488b1bf0789
                                  • Opcode Fuzzy Hash: 046fd0d9ecb231f99dcdfb799274adf3000e249aeb505cf24f41a70b6a48d2dc
                                  • Instruction Fuzzy Hash: 0E4106EB30C231BEF20296536B55AFB6B6FE5C2330738842BF647E5502F2D46A496131

                                  Control-flow Graph

                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID: PRPR
                                  • API String ID: 2104809126-1001624005
                                  • Opcode ID: 81e4fc6ffde29acce3b0d4e11ad8c130a96e37f54f50e92da5f10abc046dbb34
                                  • Instruction ID: edb511ae18d6b3d3d1928b6577c315d32055b7ff2d06d04cea7c0c42a745420f
                                  • Opcode Fuzzy Hash: 81e4fc6ffde29acce3b0d4e11ad8c130a96e37f54f50e92da5f10abc046dbb34
                                  • Instruction Fuzzy Hash: E8419DEB30C231BDB10286576B54AFA6A2FE6C6734738842BF607E5102F2D46A497131

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 2f4942; blocks were coloured Executed / Not Executed in the original).
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: O/
                                  • API String ID: 0-786838103
                                  • Opcode ID: 0f2ed4acd35e06abfeb8ab5359506890258ebe257ad8b887becf5c10587ee188
                                  • Instruction ID: 6461959355aaffaa787067a780a662ae6531c6f4a13dcbb5b9a6d6c4636a9cac
                                  • Opcode Fuzzy Hash: 0f2ed4acd35e06abfeb8ab5359506890258ebe257ad8b887becf5c10587ee188
                                  • Instruction Fuzzy Hash: E951E770A1010CAFDB14EF58C891ABBFBB5EF45394F248168F9499B252D3B19E61CB90

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 304623, ReadFile called at 3048e3; blocks were coloured Executed / Not Executed in the original).
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 567fc9bfc9507278f83a0c3a31b4d57581aea4163067429cdae6f313e081e07f
                                  • Instruction ID: 5e1d7a3cb6c80fc64046906ae49d0aad243bda76f011e63fbaaa39218e5ba048
                                  • Opcode Fuzzy Hash: 567fc9bfc9507278f83a0c3a31b4d57581aea4163067429cdae6f313e081e07f
                                  • Instruction Fuzzy Hash: D6B13BB0A05249AFDB13DF98D8A1BBEBBB5AF46300F154168E6409B2C2C771AE51CF51

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 21a210; blocks were coloured Executed / Not Executed in the original).
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __fread_nolock
                                  • String ID:
                                  • API String ID: 2638373210-0
                                  • Opcode ID: c7a6c4c90ba69bd95a487fe68d9fe0d9b5a48781750c24e3400881418b9d7292
                                  • Instruction ID: ce1649d151f0ee528c4c6b37fafc322b587cdc2689647eb4afe2a84cbb8d7cc2
                                  • Opcode Fuzzy Hash: c7a6c4c90ba69bd95a487fe68d9fe0d9b5a48781750c24e3400881418b9d7292
                                  • Instruction Fuzzy Hash: 16714870911208AFDB14DF68CC45BEFF7E8EF41340F1041ADF9199B282D7B599908B92

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 30549c, WriteFile called at 305609; blocks were coloured Executed / Not Executed in the original).
                                  APIs
                                  • WriteFile.KERNELBASE(?,00000000,002F9087,?,00000000,00000000,00000000,?,00000000,?,0021A3EB,002F9087,00000000,0021A3EB,?,?), ref: 00305621
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: fe20f119b7b91cafa61f9765e8ba3694f2dc0ae85c9583123a3d458f07bc08f3
                                  • Instruction ID: 593884700fab013d29462d4da2d229328b62da86a4d16a40223592f40c80e531
                                  • Opcode Fuzzy Hash: fe20f119b7b91cafa61f9765e8ba3694f2dc0ae85c9583123a3d458f07bc08f3
                                  • Instruction Fuzzy Hash: B761A27190150DAFDF12DFA8C894AEFBBBAAF1A304F550145E900AB295D772D911CFA0

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 4c20023, GetCurrentHwProfileW called at 4c2032d; blocks were coloured Executed / Not Executed in the original).
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 9fd008eb2126ec51dfb2d1c0897e8d1ce628b963c445995520bdebbdc62b1d47
                                  • Instruction ID: 935bdea0d7a264b50da6399e1844f4fc4ada2e2fb5a99788fdb5c401f83b4ff7
                                  • Opcode Fuzzy Hash: 9fd008eb2126ec51dfb2d1c0897e8d1ce628b963c445995520bdebbdc62b1d47
                                  • Instruction Fuzzy Hash: D241CFEF30C231BDB1018A476B54AFB6B6FE2C6330738842BF607E5102F2D46A896031
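                                  The cards above place GetCurrentHwProfileW in a memory region the report marks as not based on a PE (offset 04C20000), while the file I/O calls (ReadFile, WriteFile, __fread_nolock) sit inside the mapped image at 00210000. GetCurrentHwProfileW fills an HW_PROFILE_INFO structure that includes the machine's hardware profile GUID, so a call to it from unbacked code is worth singling out in a stealer sample, although this report does not state how the value is used. A quick way to surface that distinction across a long report is to parse the function cards and flag every API reference whose call site is unbacked or writable-and-executable. The Python below is an added example, not part of Joe Sandbox or of this report. Its sample input is constructed from lines of this report, and the position of the page-protection field in the .sdmp file name is an assumption inferred from the names shown here (00000040 in both regions), not a documented format.

```python
import re
from typing import Dict, List, Optional

# Win32 page-protection constants (winnt.h); taken from the low byte of the protect value.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
WRITABLE_EXECUTABLE = {"PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY"}

# Constructed sample: two function cards copied from this report, one from the
# PE-backed image mapped at 00210000 and one from the unbacked region at 04C20000.
SAMPLE_CARDS = """\
APIs
• WriteFile.KERNELBASE(?,00000000,002F9087,?,00000000,00000000,00000000,?,00000000,?,0021A3EB,002F9087,00000000,0021A3EB,?,?), ref: 00305621
Memory Dump Source
• Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
Similarity
• API ID: FileWrite
• Opcode ID: fe20f119b7b91cafa61f9765e8ba3694f2dc0ae85c9583123a3d458f07bc08f3

APIs
• GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
Memory Dump Source
• Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
Similarity
• API ID: CurrentProfile
• Opcode ID: 9fd008eb2126ec51dfb2d1c0897e8d1ce628b963c445995520bdebbdc62b1d47
"""

API_RE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
SOURCE_RE = re.compile(
    r"Source File:\s*(?P<dump>\S+?\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)")
OPCODE_RE = re.compile(r"Opcode ID:\s*(?P<id>[0-9a-f]{64})")


def protect_from_dump_name(dump_name: str) -> Optional[int]:
    """Assumption: the 5th dot-separated field of the .sdmp name is the page
    protection (00000040 in both regions of this report); this is inferred from
    the names in the report, not a documented Joe Sandbox format."""
    fields = dump_name[: -len(".sdmp")].split(".")
    return int(fields[4], 16) if len(fields) >= 5 else None


def parse_cards(text: str) -> List[Dict]:
    """Split the report text into function cards (separated by blank lines) and
    extract the API calls, the memory-region metadata and the opcode ID of each."""
    cards = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        card = {"apis": [], "pe_backed": None, "offset": None, "protect": None, "opcode_id": None}
        for raw in chunk.splitlines():
            line = raw.strip()
            if m := API_RE.match(line):
                card["apis"].append({"api": m["api"], "module": m["module"], "ref": int(m["ref"], 16)})
            elif m := SOURCE_RE.search(line):
                card["pe_backed"] = m["pe"] == "true"
                card["offset"] = int(m["offset"], 16)
                card["protect"] = protect_from_dump_name(m["dump"])
            elif m := OPCODE_RE.search(line):
                card["opcode_id"] = m["id"]
        if card["apis"] or card["offset"] is not None:
            cards.append(card)
    return cards


def flag_suspicious_calls(text: str) -> List[Dict]:
    """Return one finding per API call whose call site lives in memory that is not
    backed by a PE image, or whose region is both writable and executable."""
    findings = []
    for card in parse_cards(text):
        protection = PAGE_PROTECT.get((card["protect"] or 0) & 0xFF)
        reasons = []
        if card["pe_backed"] is False:
            reasons.append("call site not backed by a PE image (injected or unpacked code)")
        if protection in WRITABLE_EXECUTABLE:
            reasons.append(f"region is {protection} (self-modifying or unpacked code)")
        if not reasons:
            continue
        for call in card["apis"]:
            findings.append({
                "api": call["api"], "module": call["module"],
                "ref": f"{call['ref']:08X}",
                "region": f"{card['offset']:08X}" if card["offset"] is not None else None,
                "pe_backed": card["pe_backed"], "protection": protection,
                "opcode_id": card["opcode_id"], "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_calls(SAMPLE_CARDS):
        print(f"{f['api']}.{f['module']} @ {f['ref']} in region {f['region']}: {'; '.join(f['reasons'])}")
```

                                  Run against the full report text, the script lists every API reference together with the reasons it stands out; on the sample it flags both calls for the writable-and-executable protection and additionally flags GetCurrentHwProfileW for coming from an unbacked region. The opcode ID is carried along so a flagged function can be matched back to its card.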

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 4c20012, GetCurrentHwProfileW called at 4c2032d; blocks were coloured Executed / Not Executed in the original).
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 80948e5b0e8bb14f3c16bc58002756b6a51ed16b3eb20339baa541fbbeb484be
                                  • Instruction ID: 3c779350f68fba6e14ccd392e6b6e0c9b383c19ae766351928398e0e6fdca88b
                                  • Opcode Fuzzy Hash: 80948e5b0e8bb14f3c16bc58002756b6a51ed16b3eb20339baa541fbbeb484be
                                  • Instruction Fuzzy Hash: 4B4181EF30C231BDB1019A476B54AFB666FE6D6730738842BF607E5101F2D46A496131

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 4c20095, GetCurrentHwProfileW called at 4c2032d; blocks were coloured Executed / Not Executed in the original).
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: f7accd289fdd8177ee8140f90db5b7e72ada98191b9a359aae2af201adb98e2b
                                  • Instruction ID: 84db9fee5872f22d04287ff38438634388f0f2c2c1f53aa01a90cad2a0d1341f
                                  • Opcode Fuzzy Hash: f7accd289fdd8177ee8140f90db5b7e72ada98191b9a359aae2af201adb98e2b
                                  • Instruction Fuzzy Hash: 123192EF30C231BDB1418A476B54AFB666FE6C6730B38842BF607E5502F2D46A897131

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 4c200a0, GetCurrentHwProfileW called at 4c2032d; blocks were coloured Executed / Not Executed in the original).
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 9faf0522fcae5bb93ae80de479d217f5be9c7391042389706eacbdfa394939de
                                  • Instruction ID: c1cb5f35511420a169b81e2a9bc2f40fc09acb5022c3abfa38baf3c4dcb27156
                                  • Opcode Fuzzy Hash: 9faf0522fcae5bb93ae80de479d217f5be9c7391042389706eacbdfa394939de
                                  • Instruction Fuzzy Hash: 513192EF30C231BDB1418A476B54AFB676FE6C6730B38842BF607E5502F2D46A896131

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 4c20152, GetCurrentHwProfileW called at 4c2032d; blocks were coloured Executed / Not Executed in the original).
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d2264e7c5d276d5d2eb4cb9b7b3cb2e27f71b2ba49c8a0ce3e8fb3eb2f743af0
                                  • Instruction ID: f2a91871734c3ec4d27897233cb8cdf9dff1f8b5fef7abb375f1a85d66f56d4c
                                  • Opcode Fuzzy Hash: d2264e7c5d276d5d2eb4cb9b7b3cb2e27f71b2ba49c8a0ce3e8fb3eb2f743af0
                                  • Instruction Fuzzy Hash: 1F3109EF24C230BEE1019A575B54AF76B2FE6C6330739452BF607A6102F2D46A496131

                                  Control-flow Graph

                                  • Graph rendering not reproduced (function entry block 4c200c6, GetCurrentHwProfileW called at 4c2032d; blocks were coloured Executed / Not Executed in the original).
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 94e25d639bed54b9798c7f6fcbcb14b434c566a2f7a31c985d94bf5712e8c396
                                  • Instruction ID: 5e8b227ae7c266b88966e9727fb4beb0e4b9a8b312736df4e01abe0b17a8808f
                                  • Opcode Fuzzy Hash: 94e25d639bed54b9798c7f6fcbcb14b434c566a2f7a31c985d94bf5712e8c396
                                  • Instruction Fuzzy Hash: 5431D7EF34C231BDB1418A576B54AFA662FE6C6330738852BF607E5202F6D46A897031
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 73cf72f0966f3710460d59d42e9d81a54ed8741426f94483e35cc7e30457f687
                                  • Instruction ID: 02e01a1c2634021d50105cccb2e3f7cfefd1ce33053b4e4210f3bbf6d5da408c
                                  • Opcode Fuzzy Hash: 73cf72f0966f3710460d59d42e9d81a54ed8741426f94483e35cc7e30457f687
                                  • Instruction Fuzzy Hash: 1931E8EF30C234BEB1019A576B547FB6A6FE6C6370738442BF607E6202F2D46A496131
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67c117539b96767711b092775869f6b63039a60ab61d2a7dd8fe9106ef5124f3
                                  • Instruction ID: b3dd23a98ffe10406d09f584607211e8a70f92be4bf3446e1513ef8b3d368ee4
                                  • Opcode Fuzzy Hash: 67c117539b96767711b092775869f6b63039a60ab61d2a7dd8fe9106ef5124f3
                                  • Instruction Fuzzy Hash: 0031E6EF74C234BDB1019A575B54BFAAA6FE6C6330738442BF607E5102F2D46E896031
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1f489b2b476e636298a0edf8ceac1a8c8a7afd983dfa137306ae9eb38a9a728f
                                  • Instruction ID: 669f9f7666f5c844419128887f2bc8b6efcc142b5d0f3265aaed2c30b507d0a8
                                  • Opcode Fuzzy Hash: 1f489b2b476e636298a0edf8ceac1a8c8a7afd983dfa137306ae9eb38a9a728f
                                  • Instruction Fuzzy Hash: F53106EF20C231BEE24296575B54AFB6B2FE6C2330739452BF607E5102F2D46A896131
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: a25590c959fefdd37bbc4cf17afe1fc7634b2c8acd9c3610b50f45f6ba64fa56
                                  • Instruction ID: 683dc9d528ccb492bdce5cde2fab3e6fe155ad231359e201e880e4a6d6ac12b1
                                  • Opcode Fuzzy Hash: a25590c959fefdd37bbc4cf17afe1fc7634b2c8acd9c3610b50f45f6ba64fa56
                                  • Instruction Fuzzy Hash: C731FBEF34C230BDB1018A575B54AFB6A2FE6C6330738442BF607E5501F2D46B486031
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 81c683634f5a12c2a60f6cc854d7974878f359bfb68f0a22148681e255c8fa00
                                  • Instruction ID: 4f6f7277daf1a3218133fc576625430b693b9e9fb9807b79c6b2882d09db2962
                                  • Opcode Fuzzy Hash: 81c683634f5a12c2a60f6cc854d7974878f359bfb68f0a22148681e255c8fa00
                                  • Instruction Fuzzy Hash: C32106EF34C231BDB10196576B54BFB6A2FE6C2370739852BF607E5202F2D46A892071
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 002806AE
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 318ca63d53af118050337d2617cc9b2857a3311d5737a2fcb3013cc935154a5b
                                  • Instruction ID: 6c831b25343691ddd4c931ca0a7a5cfd9605b226671e1d465d993c1cbb3fed7f
                                  • Opcode Fuzzy Hash: 318ca63d53af118050337d2617cc9b2857a3311d5737a2fcb3013cc935154a5b
                                  • Instruction Fuzzy Hash: 46410676A111299BCB05EF68DD806AEB7A9AF84340F540179FC05EB342E770ED748BE1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 92e01c1f83ea9e3ff67b4177d4334cbbc64811744b968fa1d38e5e2d5ac773d2
                                  • Instruction ID: f3e43be06621e1db0979f6e2cc73672b3cf6fc90b8829e003fce7c25d890a037
                                  • Opcode Fuzzy Hash: 92e01c1f83ea9e3ff67b4177d4334cbbc64811744b968fa1d38e5e2d5ac773d2
                                  • Instruction Fuzzy Hash: 8421E6EB20C2307EB20295476B446FB576FF6C2770B38402BFA07D5503F1D56A492131
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 1d4bf13530463c608c3e60cc9f3fca77299e7477d10635f99914d078ca0b9085
                                  • Instruction ID: cbb88dd4990ee7d6b6d93edd411c6c628b49814f0c476389028c18f5497bf8c6
                                  • Opcode Fuzzy Hash: 1d4bf13530463c608c3e60cc9f3fca77299e7477d10635f99914d078ca0b9085
                                  • Instruction Fuzzy Hash: 5F1160EB24C235BDB14291476F54BFB562FE6C6770B398427FA07D1502F2D46E892031
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 3839e3cb33eaeb14155e02e36bcbe9ec0d3f510cd58d016ecb16c93bc4fa85a0
                                  • Instruction ID: 156e29aa7e136af3856173e807ab43dad828fe791965419162815c638e325a10
                                  • Opcode Fuzzy Hash: 3839e3cb33eaeb14155e02e36bcbe9ec0d3f510cd58d016ecb16c93bc4fa85a0
                                  • Instruction Fuzzy Hash: 86116DEB24C231BDB10291476F54AFB562FE2C6370B398427FA07D4102F2D86A892131
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: c5c758cf2436914b23cefd292835d46e3188530c9296f088b0e393b234b880ff
                                  • Instruction ID: a5a6f56bef337ab5b61aca9c04ea926362f6fd96bff3c322786d817eb05ea234
                                  • Opcode Fuzzy Hash: c5c758cf2436914b23cefd292835d46e3188530c9296f088b0e393b234b880ff
                                  • Instruction Fuzzy Hash: D2114CEB24C135BDB10291876F54AFB576FE6D6770B38842BFA03E0006F2D82A892031
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 6104a7012ad57bd3b6f826b3f27e57e35f6f70a9934de0d67c824da828978672
                                  • Instruction ID: 08f5ed7f3aed16bfbd85017f8d67bc5d2d05d9e23d840fac5ee1cf9086f1f0b4
                                  • Opcode Fuzzy Hash: 6104a7012ad57bd3b6f826b3f27e57e35f6f70a9934de0d67c824da828978672
                                  • Instruction Fuzzy Hash: D7115EEB64C2757D714291872F55AFB5B6FE4C6770739842BFA03D5406F2C86A8D2031
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 94cca7d49f6763bad7c069b35b80a18df643bfdd993842efa70af860d935694c
                                  • Instruction ID: d02a639d80806466429544942960435c6fddaff7d2fbf89391903113780b5c34
                                  • Opcode Fuzzy Hash: 94cca7d49f6763bad7c069b35b80a18df643bfdd993842efa70af860d935694c
                                  • Instruction Fuzzy Hash: E4014CEB20C631BDB10191472F65AFB576FE5D5370739842BFA03D5502F6C86A892131
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 8251538e63eeddea240a5740fb15dc30cb7369b8f1721dfba796c7e5b962d0bf
                                  • Instruction ID: 1b6b73219db8891ae4c2193dcf92a0fdee8628e27ed4cd593e59c461d77e16a2
                                  • Opcode Fuzzy Hash: 8251538e63eeddea240a5740fb15dc30cb7369b8f1721dfba796c7e5b962d0bf
                                  • Instruction Fuzzy Hash: 8701BCEB74C1317DB10594476B1AAFB1B2FE1C6770339882BF603D4405F2C46A8A2071
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: d188ac36b6b14b47c11c8b823983bcc334b705553a24ce2c6a38630bd586b0d2
                                  • Instruction ID: 3cff33ec125b3a99f843e13c9feb3f0479d22fd5dbb9f14a4abfa11b3e56b981
                                  • Opcode Fuzzy Hash: d188ac36b6b14b47c11c8b823983bcc334b705553a24ce2c6a38630bd586b0d2
                                  • Instruction Fuzzy Hash: 11014BEB74C131BDB10191476F59AFB5B2FE1D6770739882BFA03D4505F2C56A892071
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: e03df27ba2b8d0d1af53ae2efc21f0484701438986ab5e9b80343e8fab9bcd09
                                  • Instruction ID: b7e607c53290b99812870890f0ad8522c5854a3b588bdbfd9e2fe345382f7abb
                                  • Opcode Fuzzy Hash: e03df27ba2b8d0d1af53ae2efc21f0484701438986ab5e9b80343e8fab9bcd09
                                  • Instruction Fuzzy Hash: E801AFEA70C231BEB10195472F55AFB6B6FE6D5770739882BFA03D4502F2D82A892031
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,003049F9,00000000,CF830579,00341140,0000000C,00304AB5,002F8BBD,?), ref: 00304B68
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: 4b5ef46ab1b2c7220ec94ca2b5671ad7eec055c875e5481ca7381088ebaf7700
                                  • Instruction ID: 6a1c4939b08949837a1b9a00aa75fe208bf0e72ec806c0ae1953d843bd0699d6
                                  • Opcode Fuzzy Hash: 4b5ef46ab1b2c7220ec94ca2b5671ad7eec055c875e5481ca7381088ebaf7700
                                  • Instruction Fuzzy Hash: F9116B33A4321816D72736347962B7E7B598BC3774F2A0249FB489F1C2EE62ED414199
                                  APIs
                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,00340DF8,0021A3EB,00000002,0021A3EB,00000000,?,?,?,002FE166,00000000,?,0021A3EB,00000002,00340DF8), ref: 002FE098
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FilePointer
                                  • String ID:
                                  • API String ID: 973152223-0
                                  • Opcode ID: 4bac6eece5e4d1bcb3b0c98c2bab3fe8a9f0484303e4d88ecb808e558fdc1f69
                                  • Instruction ID: 2301557073516d676e43e38bcdf6644a53392319012736456489a25ad02710a7
                                  • Opcode Fuzzy Hash: 4bac6eece5e4d1bcb3b0c98c2bab3fe8a9f0484303e4d88ecb808e558fdc1f69
                                  • Instruction Fuzzy Hash: 3F012B32620119AFCF169F59CC05CAE7B29DF81364B25025CF950AB1E1EAB2EE518BD0
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 0ecf4b2ff56446b6a7ecfd43149278ae1773799dc8d0411a1142f300a5cda8a2
                                  • Instruction ID: 561e2018f848052fce4f1ae917d37612f4803bec09ee99545bb09321803cf9ba
                                  • Opcode Fuzzy Hash: 0ecf4b2ff56446b6a7ecfd43149278ae1773799dc8d0411a1142f300a5cda8a2
                                  • Instruction Fuzzy Hash: 1FF028A670C2B06EF34162331F647FB1B9B96C2260B38446BE943C140BF2C9294D2033
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: f40557d10d5471c8164ac4fbc89e5204e8d2600b1957afce221d2453fadd91ff
                                  • Instruction ID: 4e27ab68d84343199f21417a3dbd049db3f632274b14bdc3ba99047021fc5316
                                  • Opcode Fuzzy Hash: f40557d10d5471c8164ac4fbc89e5204e8d2600b1957afce221d2453fadd91ff
                                  • Instruction Fuzzy Hash: 85F082E720C270BDB242D1532B51AFB5B9FE5D5270738881BFA03D4506F2D929892132
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,002F91F7,00000000,?,00305D79,00000001,00000364,00000000,00000006,000000FF,?,00000000,002FD244,002F89C3,002F91F7,00000000), ref: 00306435
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: a9cf9be1dc6b3d682161f77f76858941a4ba09900bad3d616819252f2ad89c52
                                  • Instruction ID: c32d289b44ccb1c3f4072953ea51af9cf1f949f464d40b850d39a544122847c7
                                  • Opcode Fuzzy Hash: a9cf9be1dc6b3d682161f77f76858941a4ba09900bad3d616819252f2ad89c52
                                  • Instruction Fuzzy Hash: FCF0E93150312567DB236F679C23B5B3B4DDF81760F168122ED049A4C8CB30E83046E1
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,0030D635,4D88C033,?,0030D635,00000220,?,003057EF,4D88C033), ref: 00306E60
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: f112d334607b483eb01827e98107621f88887693e5cea1531e829b16ac7c4662
                                  • Instruction ID: eb486f0798bb584837e74f22c68262937f241c8e3e5c4ddf7dcd44e2e1f008ca
                                  • Opcode Fuzzy Hash: f112d334607b483eb01827e98107621f88887693e5cea1531e829b16ac7c4662
                                  • Instruction Fuzzy Hash: 14E0ED391037266AEB332665CE32B6B7A4C8B827E0F460221FD049A4D8CB20C920C1E5
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 7aa545020ee77fb32b7d12aa3dc4850178cb80b80fe04438f304e5deb3f10658
                                  • Instruction ID: 4aca6195f43739c51c41ad824f6d94c6d2d60e2a49c8e813b4c75bffc63f7c9c
                                  • Opcode Fuzzy Hash: 7aa545020ee77fb32b7d12aa3dc4850178cb80b80fe04438f304e5deb3f10658
                                  • Instruction Fuzzy Hash: 73E017F660C274BEB200A5533F21EFF679EE8C4270B39C82BF902C0009F698190D2132
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: ed409583115b201822206b584cace71eb6a96564238bb9dd550b1cd725c730ae
                                  • Instruction ID: 0d032c9103b5c742bae7fe94a3b728ae63e2ad5ca29cf78f340fbb292b5b332f
                                  • Opcode Fuzzy Hash: ed409583115b201822206b584cace71eb6a96564238bb9dd550b1cd725c730ae
                                  • Instruction Fuzzy Hash: E3B09295B2C271AFB30136670B122BB29876C29290F6E58279A4B81108F5E8A4002022
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_4c20000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 1b3875494bdc62041688b41bf8cc53c74c1e613d05a26e593c81b702a5d82ac6
                                  • Instruction ID: 9e9e400a154726584f310d64ff0aab478d227110d21205f6b893efb0da7cce6e
                                  • Opcode Fuzzy Hash: 1b3875494bdc62041688b41bf8cc53c74c1e613d05a26e593c81b702a5d82ac6
                                  • Instruction Fuzzy Hash: 95B024445143700F330131370F113FF34433C1015037C50135D074000DF4CC74001011
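The three blocks above all reference GetCurrentHwProfileW at the same call site (ref: 04C20340) inside the dump at offset 04C20000 that is not based on a PE, which is a typical sign of the IDA plugin carving overlapping functions out of unpacked code; GetCurrentHwProfileW returns the hardware profile GUID, so it is worth flagging in a stealer sample. As an added example (not part of the Joe Sandbox report or its tooling), the Python below parses blocks in the layout used on this page into records and answers two triage questions: which blocks reference a given API, and which blocks share one call-site address. The sample input is three blocks copied from this report's text and trimmed to the fields the parser needs; treating '$' as the separator inside "String ID" and "API ID" values is an assumption drawn from the report's own lines.

```python
"""Added example: parse the per-function 'Similarity' blocks of a Joe Sandbox
report into records and answer two triage questions over them."""
import re
from collections import defaultdict

# Headers that open a sub-list inside one function block.
SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Yara matches", "Similarity"}
API_RE = re.compile(r"^•\s*(?P<call>.+?),?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")
SOURCE_RE = re.compile(r"^(?P<file>\S+),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
                       r"\s*based on PE:\s*(?P<pe>true|false)$")

# Opcode IDs of three blocks copied from the report (used in SAMPLE below).
OPCODE_A = "7aa545020ee77fb32b7d12aa3dc4850178cb80b80fe04438f304e5deb3f10658"
OPCODE_B = "ed409583115b201822206b584cace71eb6a96564238bb9dd550b1cd725c730ae"
OPCODE_C = "cdba6cf1ea1697433d7b3eddab051c5d8ff21cb65df40ed62f48b581e9543429"

# Constructed sample in the report's own text layout: three blocks, trimmed.
SAMPLE = f"""\
APIs
• GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
Memory Dump Source
• Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
Similarity
• API ID: CurrentProfile
• String ID:
• Opcode ID: {OPCODE_A}
• Instruction Fuzzy Hash: 73E017F660C274BEB200A5533F21EFF679EE8C4270B39C82BF902C0009F698190D2132
APIs
• GetCurrentHwProfileW.ADVAPI32(?), ref: 04C20340
Memory Dump Source
• Source File: 00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C20000, based on PE: false
Similarity
• API ID: CurrentProfile
• String ID:
• Opcode ID: {OPCODE_B}
• Instruction Fuzzy Hash: E3B09295B2C271AFB30136670B122BB29876C29290F6E58279A4B81108F5E8A4002022
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 0027F833
• std::_Facet_Register.LIBCPMT ref: 0027FA15
Strings
Memory Dump Source
• Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
Yara matches
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
• String ID: bad locale name$"3
• Opcode ID: {OPCODE_C}
• Instruction Fuzzy Hash: 7B61C0B5D24249DBDF51DFA4C945B9EBBF4AF15310F188068E809AB381EB70E914CF92
"""


def _new_record():
    return {"apis": [], "associated": [], "strings": [], "yara": False}


def parse_records(text):
    """One dict per block; a block ends at its 'Instruction Fuzzy Hash' line."""
    records, rec, section = [], _new_record(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            section = line
            if line == "Yara matches":           # header present => block had Yara hits
                rec["yara"] = True
            continue
        if section == "APIs":
            if m := API_RE.match(line):
                call = m.group("call").split("(", 1)[0]   # drop the '(?)' argument list
                func, _, module = call.rpartition(".")    # 'name.MODULE' -> name, MODULE
                rec["apis"].append((func, module, m.group("ref").upper()))
            continue
        if not (m := KV_RE.match(line)):
            continue
        key, value = m.group("key"), m.group("value")
        if key == "Source File" and (s := SOURCE_RE.match(value)):
            rec["source_file"], rec["offset"] = s.group("file"), s.group("offset").upper()
            rec["based_on_pe"] = s.group("pe") == "true"
        elif key == "Associated":
            rec["associated"].append(value)
        elif key == "String ID":
            rec["strings"] = [s for s in value.split("$") if s]   # '$' separates strings
        else:
            rec[key.lower().replace(" ", "_")] = value
            if key == "Instruction Fuzzy Hash":               # last line of every block
                records.append(rec)
                rec, section = _new_record(), None
    return records


def functions_calling(records, func_name):
    """Opcode IDs of every block whose APIs list references func_name."""
    return [r["opcode_id"] for r in records
            if any(f == func_name for f, _, _ in r["apis"])]


def shared_call_sites(records):
    """Call-site address -> opcode IDs of the blocks referencing it (2 or more only)."""
    sites = defaultdict(set)
    for r in records:
        for _, _, ref in r["apis"]:
            sites[ref].add(r["opcode_id"])
    return {ref: ids for ref, ids in sites.items() if len(ids) > 1}
```

Run `parse_records` over the full listing (with the "Download File" link labels stripped) to get one record per block; `shared_call_sites` then points straight at the overlapping carve-outs, and `functions_calling` lists the blocks to open first for any API of interest.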
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction ID: 83abcd7b636bf3b21254bdbcf1981523a114d196973ea6ca797c36fdcfedefd5
                                  • Opcode Fuzzy Hash: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction Fuzzy Hash: 78025B71E1121E9BDF14CFA9C9806AEFBF5FF48354F248269D615E7380DB31A9118B90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027F833
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027F855
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027F875
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027F89F
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027F90D
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0027F959
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0027F973
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027FA08
                                  • std::_Facet_Register.LIBCPMT ref: 0027FA15
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                  • String ID: bad locale name$"3
                                  • API String ID: 3375549084-1389453244
                                  • Opcode ID: cdba6cf1ea1697433d7b3eddab051c5d8ff21cb65df40ed62f48b581e9543429
                                  • Instruction ID: cef10b3714573bc59108436e8523610d60d4eb83f1ab6cdf9119d2c3bd9aaa4b
                                  • Opcode Fuzzy Hash: cdba6cf1ea1697433d7b3eddab051c5d8ff21cb65df40ed62f48b581e9543429
                                  • Instruction Fuzzy Hash: 7B61C0B5D24249DBDF51DFA4C945B9EBBF4AF15310F188068E809AB381EB70E914CF92
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00213E7F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: @3!$@3!$G>!$G>!$`!!$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-720226797
                                  • Opcode ID: 6f19d3dc6d7efca15155186f71feb773e3a936cabd06d1d72de0ba5616a7670f
                                  • Instruction ID: f49b27608e178109a802485c39666955834b77e349be59f1d36219cc59aa74bf
                                  • Opcode Fuzzy Hash: 6f19d3dc6d7efca15155186f71feb773e3a936cabd06d1d72de0ba5616a7670f
                                  • Instruction Fuzzy Hash: 9541C6B6910208AFCB08DF58D845BEEF7F9EF49310F14852AF919D7741E770AA508BA0
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 002F2E47
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 002F2E4F
                                  • _ValidateLocalCookies.LIBCMT ref: 002F2ED8
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 002F2F03
                                  • _ValidateLocalCookies.LIBCMT ref: 002F2F58
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: i4$csm
                                  • API String ID: 1170836740-3943644863
                                  • Opcode ID: 6ae6c4a546261426fa0133802aa83351caa0c887065b02f9fbb3cb5719c51b1c
                                  • Instruction ID: 735b155ecf70a961db9d1f00c1592712b822c92ba1edca731be5c8a50cc0bd35
                                  • Opcode Fuzzy Hash: 6ae6c4a546261426fa0133802aa83351caa0c887065b02f9fbb3cb5719c51b1c
                                  • Instruction Fuzzy Hash: D941F730A2020DDBCF10DF68C840AAEFBB5AF46354F148165EA059B392C731EE69CB90
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00213E7F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: @3!$@3!$`!!$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-996552614
                                  • Opcode ID: b8decce4d501a5cab286eaad5dafaaba56eba68085f2c22853401b36395cf1ec
                                  • Instruction ID: 471198f9ff8072cf2b13f891cf688cd196ef2a7842b675b4408ac3e3b3ef4eb0
                                  • Opcode Fuzzy Hash: b8decce4d501a5cab286eaad5dafaaba56eba68085f2c22853401b36395cf1ec
                                  • Instruction Fuzzy Hash: 372127B69103056FC714DF58D841BD6B7DDAF18320F08883AFA68CB642E770EA64CB90
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00214F72
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00214FFF
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 002150C8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy$___std_exception_copy
                                  • String ID: @3!$`!!$recursive_directory_iterator::operator++
                                  • API String ID: 1206660477-2720571213
                                  • Opcode ID: 8e5ac4dfbbf2a931ce9dbddd976250b0ab4a81c920c1908ac50e0d61d38f88f1
                                  • Instruction ID: 5aa0f32262be9ad25205bc67a60e94e4b8698033834c44acacca94e62274ad1a
                                  • Opcode Fuzzy Hash: 8e5ac4dfbbf2a931ce9dbddd976250b0ab4a81c920c1908ac50e0d61d38f88f1
                                  • Instruction Fuzzy Hash: C5E103719102049FCB18EF68D845BAEF7F9FF58300F148A2DE45A93B81D774A964CBA1
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021799A
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00217B75
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$out_of_range$type_error
                                  • API String ID: 2659868963-1666391579
                                  • Opcode ID: 292d02c5f627d3da7a3b3346b080c4c70e6c4b51fe5901976b2d89c7fdace369
                                  • Instruction ID: 4d5a7ffcd50fdb7e3feccb2f5f4a5423edc9219a7bae2d2e06b5bbc388c75c97
                                  • Opcode Fuzzy Hash: 292d02c5f627d3da7a3b3346b080c4c70e6c4b51fe5901976b2d89c7fdace369
                                  • Instruction Fuzzy Hash: BEC169B19102088FDB18CFA8D98479EFBF5FF49310F14866AE419EB741E774A990CB90
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 002132C6
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00213350
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy___std_exception_destroy
                                  • String ID: +4!$@3!$`!!$`!!
                                  • API String ID: 2970364248-3890975345
                                  • Opcode ID: 03390aee0d23d1c9a4c680c38599c687bd6acce4cbd3363f1923985921673a68
                                  • Instruction ID: afeca24145922b3632000cb0720f2de8ac719443e6eadf27461abc6269802549
                                  • Opcode Fuzzy Hash: 03390aee0d23d1c9a4c680c38599c687bd6acce4cbd3363f1923985921673a68
                                  • Instruction Fuzzy Hash: FB51AF719102089FDB09DF98D885BEEFBFAFF59310F148129E815A7381D774AA91CB90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00213A58
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00213AA4
                                  • __Getctype.LIBCPMT ref: 00213ABA
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00213AE6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00213B7B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                  • String ID: bad locale name
                                  • API String ID: 1840309910-1405518554
                                  • Opcode ID: 89549f8df474daad7019168316612d7e579303f3960b5fb227f0de43508b6eb5
                                  • Instruction ID: 71d03d78808552b2f4fc8d9c45055f74f1d1536628851dcf6df7e1bdb50a0a8c
                                  • Opcode Fuzzy Hash: 89549f8df474daad7019168316612d7e579303f3960b5fb227f0de43508b6eb5
                                  • Instruction Fuzzy Hash: E1518FB1D102489BEF10DFA5D885BDEFBF9AF14314F184069E809AB381E774DA54CBA1
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027DE93
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027DEB6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027DED6
                                  • std::_Facet_Register.LIBCPMT ref: 0027DF4B
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027DF63
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0027DF7B
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                  • String ID:
                                  • API String ID: 2081738530-0
                                  • Opcode ID: bf9807801212bc3eb9776367e3e997446f2c54024d01eb24ae84d95516d8cf53
                                  • Instruction ID: beb31827efb3eece6397fec8d79a0db4051a0a75452a9d2b6242bf17259f9ca1
                                  • Opcode Fuzzy Hash: bf9807801212bc3eb9776367e3e997446f2c54024d01eb24ae84d95516d8cf53
                                  • Instruction Fuzzy Hash: EA4101759202569FCB15DF54D841AAEBBB8FF12720F148268E8096B352DB30BD20CBD2
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00217340
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$parse error$parse_error
                                  • API String ID: 2659868963-3548305109
                                  • Opcode ID: 4adffc123308ac10be3ce681c0f6a3f0af3723f5d484d2da3113792af916975b
                                  • Instruction ID: 95c3ba380481226956e3b31517d18b998b28076aab7a885352c55c10a2563918
                                  • Opcode Fuzzy Hash: 4adffc123308ac10be3ce681c0f6a3f0af3723f5d484d2da3113792af916975b
                                  • Instruction Fuzzy Hash: 0CE17F709142488FDB18CF68C88479DBBF5FF59300F2482A9E418EB792D774AA91CF91
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 002175BE
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 002175CD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: at line $, column $`!!
                                  • API String ID: 4194217158-2227850838
                                  • Opcode ID: 83cdd58159f537b7dfc98dfbf021a250ce34fc812b745f0ac44cf2638ea91898
                                  • Instruction ID: c1659944ed7395cebbf5c3eb9316e947ee78f2dfde6b2caf844a6239a1021959
                                  • Opcode Fuzzy Hash: 83cdd58159f537b7dfc98dfbf021a250ce34fc812b745f0ac44cf2638ea91898
                                  • Instruction Fuzzy Hash: 2261F671A14205AFDB08DF68DC84BADBBF6FF98300F64462CE415A7781D774AA94CB90
                                  APIs
                                    • Part of subcall function 00213190: ___std_exception_copy.LIBVCRUNTIME ref: 002132C6
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021345F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: +4!$@3!$@3!$`!!
                                  • API String ID: 2659868963-1715996797
                                  • Opcode ID: 14a91be47303de11b3d69a323f3bc15725ccbf372871a3cd0c28853efb2e5d6d
                                  • Instruction ID: f08e496ae6f04b03aaed15d1966e1f85a629c23825ea47a4ac32daa0f7d66a78
                                  • Opcode Fuzzy Hash: 14a91be47303de11b3d69a323f3bc15725ccbf372871a3cd0c28853efb2e5d6d
                                  • Instruction Fuzzy Hash: CE318575910209AFCB19DFA8D841AEDFBF9FB08310F10452AE518D7741D770A690CF94
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021345F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: +4!$@3!$@3!$`!!
                                  • API String ID: 2659868963-1715996797
                                  • Opcode ID: fc05254cf328883ededbe6766cdf0590881c12736514de55e00c3d3d08a8ff5c
                                  • Instruction ID: ec39ae47b172fb14a1e77cbc7cc0a82fbee4abf440082dd33fdaf182588034b7
                                  • Opcode Fuzzy Hash: fc05254cf328883ededbe6766cdf0590881c12736514de55e00c3d3d08a8ff5c
                                  • Instruction Fuzzy Hash: 25014FBA510609AF8709DFA9D44189AFBFDBF18310700843AE62987611E7B0E564CF90
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00216F11
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00216F20
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: [json.exception.$`!!
                                  • API String ID: 4194217158-2149100017
                                  • Opcode ID: c3381df7e79775179dbf97fff69b68cd2088eab9f4a2a54413af15b949812c1b
                                  • Instruction ID: 63caa4fea697adad10e6034e0d3049fd13fa4e59ed3f2cd2407e5cf6bb34abb0
                                  • Opcode Fuzzy Hash: c3381df7e79775179dbf97fff69b68cd2088eab9f4a2a54413af15b949812c1b
                                  • Instruction Fuzzy Hash: 8291D470A102049FDB18CF68D988BDEFBF6EF55300F20866DE415AB792D771A991CB90
                                  APIs
                                  • std::_Xinvalid_argument.LIBCPMT ref: 00212275
                                    • Part of subcall function 002ED6E9: std::invalid_argument::invalid_argument.LIBCONCRT ref: 002ED6F5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Xinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                  • String ID: string too long$L4$L4
                                  • API String ID: 1997705970-2458504751
                                  • Opcode ID: 296037d0a52e692f84c98c5ab7b65a1af5250fb8032dfdc0d2aa0bcdb93a389f
                                  • Instruction ID: 5f372d11cff458509627a350c105f2e0a0b1eea665717a9f128b801ece91ee80
                                  • Opcode Fuzzy Hash: 296037d0a52e692f84c98c5ab7b65a1af5250fb8032dfdc0d2aa0bcdb93a389f
                                  • Instruction Fuzzy Hash: 20814775A14285DFDB02CF68C4507EDBFF5EF6A300F1841AAE894A7742C37585A9CBA0
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 002177B4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$invalid_iterator
                                  • API String ID: 2659868963-2956669300
                                  • Opcode ID: 56f691642fa30cd4bd6a8f5f879afbd6126eeb4ee37d8ee61cef13095301a407
                                  • Instruction ID: 80807dbcb7eb4ac46c057e6e1606d892bfb1699b297e07e50174c8490f9d3836
                                  • Opcode Fuzzy Hash: 56f691642fa30cd4bd6a8f5f879afbd6126eeb4ee37d8ee61cef13095301a407
                                  • Instruction Fuzzy Hash: 6F515AB49102088FDB08CFA8D98479DFBF5FB89310F148669E419EB791E774A990CF90
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00217D67
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$other_error
                                  • API String ID: 2659868963-1358939976
                                  • Opcode ID: ebbe80e0a319e6f310339154c14b398ff60afc83df3d53ffde16fdfad303368e
                                  • Instruction ID: 4eb6d5af361b7fa197aa783f44b61775f1f0b9ceb0c20f125b7fb74729ccef09
                                  • Opcode Fuzzy Hash: ebbe80e0a319e6f310339154c14b398ff60afc83df3d53ffde16fdfad303368e
                                  • Instruction Fuzzy Hash: FA515AB09102488FDB18CFA8E8847EDFBF5BF49300F148669E459EB741E774A990CB51
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0027D06F
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0027D096
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: 770dd1bd0c26611c31851f69b79bd0d6ab7377aead4bfbfbbd1c0d013100dd9b
                                  • Instruction ID: ea97fb3ebcd2abc18d4ea8ca88597ff2ed48c170b3bfe86f5acc8e13d7d3cc24
                                  • Opcode Fuzzy Hash: 770dd1bd0c26611c31851f69b79bd0d6ab7377aead4bfbfbbd1c0d013100dd9b
                                  • Instruction Fuzzy Hash: 6F01A4BA50060AAF8709DF59D445896FBF9FB49710700853BA629CBB11E7B0F568CFA0
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0028B3DF
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0028B406
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: 7a514dc8ad901c64981dc73cc816b082501888a0704fe8554fec48844ea073c5
                                  • Instruction ID: 9d7df70f6e7d34e04a321e0e27ff8ab808da5f7b370c162b2825dcbc3a06c15e
                                  • Opcode Fuzzy Hash: 7a514dc8ad901c64981dc73cc816b082501888a0704fe8554fec48844ea073c5
                                  • Instruction Fuzzy Hash: 06F0C9BA500605AF8709DF54D445896FBEDFA49710301853BE62ACB701E7B0E564CFA0
                                  APIs
                                  • std::_Xinvalid_argument.LIBCPMT ref: 0028B612
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Xinvalid_argumentstd::_
                                  • String ID: Px($invalid hash bucket count
                                  • API String ID: 909987262-3311336540
                                  • Opcode ID: 16d5219eed1dd4386e140163b41af27109c1de16839d133d0a5f287038371092
                                  • Instruction ID: 4d922427420b3b3b5f9a9d8d997b18c8e64b0c38ce1df7cf0378fe456f114c3b
                                  • Opcode Fuzzy Hash: 16d5219eed1dd4386e140163b41af27109c1de16839d133d0a5f287038371092
                                  • Instruction Fuzzy Hash: D37110B8A11605DFCB15DF48C18086AFBB9FF88300764C5AED8199B396D731EA52CF90
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0028E491
                                  Strings
                                  • type must be string, but is , xrefs: 0028E4F8
                                  • type must be boolean, but is , xrefs: 0028E582
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID: type must be boolean, but is $type must be string, but is
                                  • API String ID: 118556049-436076039
                                  • Opcode ID: 7a9c7305f4d1bb16931084e2c2323a77d5be0f10e141f37551cb94381bc1e6c5
                                  • Instruction ID: a635489aa732adc2b4759992f303e85a469d67d3104ea5e39027a11dce199853
                                  • Opcode Fuzzy Hash: 7a9c7305f4d1bb16931084e2c2323a77d5be0f10e141f37551cb94381bc1e6c5
                                  • Instruction Fuzzy Hash: C0416DB5910248AFDB14FBA4D802BDEB7A8DB14310F148578F419D77C2EB35E964CB91
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00213078
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: d7d7c47e46c7553b45d16e06dfe283e4ae8ce367466ff934851d90e230749fa9
                                  • Instruction ID: 212a53dcb06685420b27ffa7a84bd05fec3cd058acbdbd15169ad05476d6f597
                                  • Opcode Fuzzy Hash: d7d7c47e46c7553b45d16e06dfe283e4ae8ce367466ff934851d90e230749fa9
                                  • Instruction Fuzzy Hash: C3E0EDB69112089FC711DFA898459CAFFE8AB19711F0086BAE948D7301F6B095948BD1

                                  Execution Graph

                                  Execution Coverage: 3%
                                  Dynamic/Decrypted Code Coverage: 3.4%
                                  Signature Coverage: 0%
                                  Total number of Nodes: 683
                                  Total number of Limit Nodes: 72
20365 30a686 20361->20365 20363 30a6c8 20362->20363 20364 2fd22c __dosmaperr RtlAllocateHeap 20363->20364 20364->20365 20365->20356 21659 4d507e4 21660 4d50822 21659->21660 21661 4d50945 GetCurrentHwProfileW 21660->21661 21662 4d5093c GetCurrentHwProfileW 21661->21662 21664 4d509e7 21662->21664

                                  Control-flow Graph
                                  APIs
                                  • Sleep.KERNELBASE(000003E9,?,00000001,00000000,?,?,?,?,?,?,?,?,00273DB6), ref: 00273B08
                                  • Sleep.KERNELBASE(00000001,?,00000001,00000000,?,?,?,?,?,?,?,?,00273DB6), ref: 00273BBA
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: e3337f7648320ac2a93052af3cbb68c77d46aaf1fb5ba97cc1b7ba057e92a005
                                  • Instruction ID: 7ac9576f318c24027f780780ebc96e82fd24f37496f729342479b8f25faf2df0
                                  • Opcode Fuzzy Hash: e3337f7648320ac2a93052af3cbb68c77d46aaf1fb5ba97cc1b7ba057e92a005
                                  • Instruction Fuzzy Hash: 3C51B835A1421ACFCB24CF58C8D1EAAB3B5FF48708F29859AD449AB351D731EE15DB80
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: c60aa35481d2fd3cdf828d18a37eb245dc152a608cf284624f444ccf30f18fdf
                                  • Instruction ID: 2eb652aef1a30e2857b28904fb0d0a538d19d0829119fae70fa1e9c83971c6e2
                                  • Opcode Fuzzy Hash: c60aa35481d2fd3cdf828d18a37eb245dc152a608cf284624f444ccf30f18fdf
                                  • Instruction Fuzzy Hash: 764178EB70C121FC7A0385855B90AF667AEEAD77303318426FC87D6220FE90EE456171

                                  Control-flow Graph
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startupclosesocketconnectsocket
                                  • String ID:
                                  • API String ID: 3098855095-0
                                  • Opcode ID: fe705004556cdb403c2ff58ac560e49f13c8c8d7678d9b963d072ed62886ed55
                                  • Instruction ID: 2265b0cc8b4a3a735b5909ed6b2b401371b877319eec00aebbea77e08bf7611e
                                  • Opcode Fuzzy Hash: fe705004556cdb403c2ff58ac560e49f13c8c8d7678d9b963d072ed62886ed55
                                  • Instruction Fuzzy Hash: 3331D0712043116BDB209F68DC49B6BB7E4EF85328F015F2DF9A8A22D0D3319C249B92

                                  Control-flow Graph
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021220E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: 4c3baa47f2fc7ac8229b19121d48aeb457c3582fa999572f82e77655b378a937
                                  • Instruction ID: 5797e7a1145d7205acbe704b388a24ee9ef47f069e0dd1505d19624fb95200fa
                                  • Opcode Fuzzy Hash: 4c3baa47f2fc7ac8229b19121d48aeb457c3582fa999572f82e77655b378a937
                                  • Instruction Fuzzy Hash: DF012B3941030DABCB18EFA9E8019A9B7ECDA00360B404439FF1CDB691E770E9B48BD1

                                  Control-flow Graph
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: O/
                                  • API String ID: 0-786838103
                                  • Opcode ID: 0f2ed4acd35e06abfeb8ab5359506890258ebe257ad8b887becf5c10587ee188
                                  • Instruction ID: 6461959355aaffaa787067a780a662ae6531c6f4a13dcbb5b9a6d6c4636a9cac
                                  • Opcode Fuzzy Hash: 0f2ed4acd35e06abfeb8ab5359506890258ebe257ad8b887becf5c10587ee188
                                  • Instruction Fuzzy Hash: E951E770A1010CAFDB14EF58C891ABBFBB5EF45394F248168F9499B252D3B19E61CB90

                                  Control-flow Graph
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e8d4781309cd3b97b1a598e90b89b7493b5e495228b5a143b8340819ba0c41de
                                  • Instruction ID: cb597c0d69f13dd26200cd0cdb423d635fdbd7e66b15b92ec4ece2165937718d
                                  • Opcode Fuzzy Hash: e8d4781309cd3b97b1a598e90b89b7493b5e495228b5a143b8340819ba0c41de
                                  • Instruction Fuzzy Hash: 8EB13BB0A05249AFDB13DF98D8A1BBEBBB5AF46300F154168E6409B3C2C771AE51CF51

                                  Control-flow Graph
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e98924b609a243a2779941eb99731cd29da24fd7cb9225091b2ec368c4354267
                                  • Instruction ID: dac1c863f09c1fc18f2510f297a3b4dc40cd9c7c96ac42bc8f59b1774695b86b
                                  • Opcode Fuzzy Hash: e98924b609a243a2779941eb99731cd29da24fd7cb9225091b2ec368c4354267
                                  • Instruction Fuzzy Hash: C55168E770C211EDAA0395815B50AF66A6DEB97730B308426FCC7D6121FE90EA4971B1

                                  Control-flow Graph
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 9c2f4becd37bc2dc26a8f00e54d1f9ea87e7e3fda09706d4d1cdcae886393713
                                  • Instruction ID: d15dbefb97c3b2a57ec6b65e905ee9cbbef9a72aee5a968f0c3027752eae5628
                                  • Opcode Fuzzy Hash: 9c2f4becd37bc2dc26a8f00e54d1f9ea87e7e3fda09706d4d1cdcae886393713
                                  • Instruction Fuzzy Hash: 625189E770C211FCBA0395814B51AF66A6EEA97730B308426FCC7D6221FE90EA457171

                                  Control-flow Graph
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 774aa474b5780c0f79fdd863c84b31d2f9d86b7d865311117dabaa55a56b7353
                                  • Instruction ID: a9dae2386bda6e50d1ff540cdd3b3be4914db6736a6140ced3a56f7ad963effa
                                  • Opcode Fuzzy Hash: 774aa474b5780c0f79fdd863c84b31d2f9d86b7d865311117dabaa55a56b7353
                                  • Instruction Fuzzy Hash: 9C5198E770C211FDAA0391854B50AF66A6EEB97730B308426FCC7D6221FE90EA447171

                                  Control-flow Graph
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 4f6ca086ec76e7a81862359c8b297c335ddddf1c9d66e70bc06baa1b2c7948d3
                                  • Instruction ID: 298b17ab12f590fe6d6adef6530655fe1f70316d1ecf32d1ec02a10a944c217f
                                  • Opcode Fuzzy Hash: 4f6ca086ec76e7a81862359c8b297c335ddddf1c9d66e70bc06baa1b2c7948d3
                                  • Instruction Fuzzy Hash: D65177E770C211FDBA0391855B90AF66A6EEB97730B308426FCC7D6221FE90EA457171

                                  Control-flow Graph
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: d78d88a7c18d00d586faae6666ce2a6e3e54f4e0535b600938862018053689ea
                                  • Instruction ID: 89ebe3a52ee1eb0fed4895f5070147612a722467f8c10623c222b128d3bbdc5a
                                  • Instruction Fuzzy Hash: 805147E770C111FCBA0395855B50AF76A6EEAD77307308426FC87D6221FE90EA4971B1

                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 961f2eed985779251c521eb91041bee8a1f86c93b084b78f22a939b08239ec11
                                  • Instruction ID: c882c97e0a82984f980ebc8173c218ae8870a437b36d174c4f42acef57e35c0b
                                  • Instruction Fuzzy Hash: 4B5149E770C211FDBA0391855B90AF66A6EEA97730B308426FCC7D6221FED0EA457171

                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: df630fead4e3a66e8712250d95f1faef93a22b256dbb536efab148b20e13f6f9
                                  • Instruction ID: 89ae1b71db81dd80e5d91b93afd3565430a95b2abcf542fc0ff31e21b5863cc3
                                  • Instruction Fuzzy Hash: 665158EB70C111FDBA0391855B90AF76A6EEAD7730B308426FC87D6221FE90EA457171

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __fread_nolock
                                  • String ID:
                                  • API String ID: 2638373210-0
                                  • Opcode ID: 3d49ba3357fbb25febc257fcc00c39cabffe566aac7b3ac9322940b8c5b26bfe
                                  • Instruction ID: 8fdf9b2ee82cc4c4eda03fdf9c7a8b345385f716247a54126c704f4e3a6909f5
                                  • Instruction Fuzzy Hash: EE714770911208AFDB14DF68CC49BEFF7E8EF41740F10856DF9189B282D7B59A918B92

                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: fa9d41518c4912bf33ac683d909ad6a4f4e2e12baf0afa766e1f494e7950baa3
                                  • Instruction ID: b5585fcf668e35d2f8e5489554ccc59ebea2cf59eb9dddcb063871ac5435750b
                                  • Instruction Fuzzy Hash: CD4154E770C111FCBA0381855BA0AF7666EEAD7730B308026FC87D6221FE90EA497171

                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 68f57a0e90d981ebd6bc940f4422ae4b4b42f8f5186b8694ebe40ad4f2db7526
                                  • Instruction ID: 8376829d0477dd032e44f0a3e5aa489ad0d4915e7045654276f639bb67b30d59
                                  • Instruction Fuzzy Hash: 404178EB70C111FCBA0381451BA0AF767AEEAD77307308026FC87D6221FE94EA492170
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 5eff124177ca0eb65a6591a17b629990b1108a8ec076f02c2438f78ba616e24e
                                  • Instruction ID: 4ed1d903c3bc308fa25bce681dbe0500df70b2bf992f7b210d338d2df97f2c30
                                  • Instruction Fuzzy Hash: 9C4127EB70C111FCBA0385455BA0AF7666EEAD77307318522FC87D6221FE90EA497171
                                  APIs
                                  • WriteFile.KERNELBASE(?,00000000,002F9087,?,00000000,00000000,00000000,?,00000000,?,0021A3EB,002F9087,00000000,0021A3EB,?,?), ref: 00305621
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: 901233c6981599de9fce3c49c1cd1da364f16883f59eeb19869e9e7d8e74b35a
                                  • Instruction ID: bb4dbad72d7dd83ccd4e8c96b858e5c12a7b2cd1fcae8314aed50bcf508621dc
                                  • Instruction Fuzzy Hash: AF61A27190150DAFDF12DFA8CC94AEFBBBAAF0A304F150145E900AB295D772D951CFA0
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 3d7278169df4e0a8050504f0a712c66b8bac06b154185c2a52f6a977b34de384
                                  • Instruction ID: 4387d50a6204536e0e1a47d91ebe38a5ba0317ec539f53eb7c080e6bec02e449
                                  • Instruction Fuzzy Hash: F74125EB70C125BCBA0381851B90AF6666EEAD77307318026FC87D6221FE90EA493171
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 04dd225201e023b0a343d10a27b6f74da36e5a1feccf9fb768f61cbd600b9cb8
                                  • Instruction ID: b83e648701263500eec4f2e7a3c480ab4d67bc7d1b892beb410e0c055ab518db
                                  • Instruction Fuzzy Hash: FF4114EB70C121FCBA0381851B90AF7666EEAD77307318026FC87D6621FE94EA497171
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 360566959972feac219e3c45bd08ec75b72ac9fbde692831f9acac465c3c9340
                                  • Instruction ID: 2dd25d3072fb62cf4a8b5e59a0c2b7ef843d99faebfa054d80a9fc0bf6ff6dc1
                                  • Instruction Fuzzy Hash: F84167E770C111BDBA0385451BA0AF6676EEA977307318026FC87D6221FF90EA456171
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: a9a2e6e5e73b6e96201bc23f3a0b561c31e543845c07dfece419c5832f6decc7
                                  • Instruction ID: 0353389e71134c007954aa5c1075ddba32508e52bea64a076b28b2903d83edd7
                                  • Instruction Fuzzy Hash: C04127E770C125FCBA0385851B909F6666EEAD77307318426FC87D6221FF90EA497171
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: b700135090db1ab356b2fb438d66e152afb5e6dfb45606f6516795666bb0ebc4
                                  • Instruction ID: 855969ac6aca8c0ff91431bb4fbb10c5232778e6a6ced0e18759213375d76548
                                  • Instruction Fuzzy Hash: BB3128EB70C121BC7A0385851B90AF6666EE9D77307318422FC87D6621FE94EE457171
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 04D509D2
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d50000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 9e6059c7428f19d768c4adfeffeb3f8201eaa12ba523a479eb1f58f6bae90fb1
                                  • Instruction ID: 382a9e48df26912deb66f9eaef089921c3fd3dc7df4c3bd9a35254c4ba26855d
                                  • Instruction Fuzzy Hash: E03158DB70C124FCAA1391851B90AF6266EEA977307308122BC87D6620FFD0EE457170
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 002806AE
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 318ca63d53af118050337d2617cc9b2857a3311d5737a2fcb3013cc935154a5b
                                  • Instruction ID: 6c831b25343691ddd4c931ca0a7a5cfd9605b226671e1d465d993c1cbb3fed7f
                                  • Instruction Fuzzy Hash: 46410676A111299BCB05EF68DD806AEB7A9AF84340F540179FC05EB342E770ED748BE1
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,003049F9,00000000,CF830579,00341140,0000000C,00304AB5,002F8BBD,?), ref: 00304B68
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: 15af622eab69d7f7fa10dcf08add716fd4f6c56a3399d926bd43f344926fb408
                                  • Instruction ID: 0780870c1298cde7a3e1ce6f7933be9fefd100d74af6cab6303d0ba299a5de31
                                  • Instruction Fuzzy Hash: 9F114832A4321816D62736346962B7E7B5A8B82774F2A0209FA449F1C2EE62ED415195
                                  APIs
                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,00340DF8,0021A3EB,00000002,0021A3EB,00000000,?,?,?,002FE166,00000000,?,0021A3EB,00000002,00340DF8), ref: 002FE098
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FilePointer
                                  • String ID:
                                  • API String ID: 973152223-0
                                  • Opcode ID: 46bfb6ea90ac6f472a8fe4dd988068d3fb0c1faaeede62b6accb65cb5ea7a8b6
                                  • Instruction ID: 00df179cdfeed3924a2aaa2946dae74081280a204e2e09945fcdda0670408b0a
                                  • Instruction Fuzzy Hash: 8F012B32620209AFCF169F15DC05CAE7B2ADB81364F25011CF950AB2E1EAB2ED518BD0
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,002F91F7,00000000,?,00305D79,00000001,00000364,00000000,00000006,000000FF,?,00000000,002FD244,002F89C3,002F91F7,00000000), ref: 00306434
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: e6205f3a1e3864faec79d51f882c7edf973c4dc2f220e7364a964efefd7719f8
                                  • Instruction ID: 02ae0dc287624728f3fa2f8ee7a3f9a3b2121f0f53c48796eb7d98cda7a079f9
                                  • Opcode Fuzzy Hash: e6205f3a1e3864faec79d51f882c7edf973c4dc2f220e7364a964efefd7719f8
                                  • Instruction Fuzzy Hash: E5F0E93150712567DB236F679C23B5B3B4D9F81B60F268122ED04AA4C8CA30EC3046E2
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,0030D635,4D88C033,?,0030D635,00000220,?,003057EF,4D88C033), ref: 00306E5F
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: d4930b1748c1f8f4b88981fc094088e0541c9ab1429d058cd50f8ecde0132544
                                  • Instruction ID: 5c16d16f35b59be510f082ecdeea064d3782742dfb4dcf8400a5686bace949c2
                                  • Opcode Fuzzy Hash: d4930b1748c1f8f4b88981fc094088e0541c9ab1429d058cd50f8ecde0132544
                                  • Instruction Fuzzy Hash: 9DE0E53914371556DB332665CE3275B764C8B817E0F560121FC00964D4CB20CD20C1E5
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d60000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0810ab8dddeea3c3ce939c2c02119a2238135a66e373d4be95d9006c7d2baa2e
                                  • Instruction ID: 5e3572d011705b426eea943256cd19753f83784efee94752c9fddc1645c818b0
                                  • Opcode Fuzzy Hash: 0810ab8dddeea3c3ce939c2c02119a2238135a66e373d4be95d9006c7d2baa2e
                                  • Instruction Fuzzy Hash: 332160FB34C1107F7652D5966B14EF7676DD1D6631330C82BF887C6102F295AE4A2132
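The two "Source File" names that the entries in this section cite differ in the one way that matters for triage: the dump at offset 00210000 is "based on PE: true" (the loaded module, whose code region at 0x211000 carries protection field 00000040), while the dump at 04D60000 is "based on PE: false" and its name carries 00000040 together with 00020000. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it decodes the dotted fields of those .sdmp names and flags which region is writable, executable and not backed by any image. The field layout is an assumption inferred only from the names on this page (fields 4, 5 and 7 read as base address, page protection and region type; the process and run indices and the two undocumented fields are labelled as such and kept raw); the PAGE_* and MEM_* constant values are the documented Windows ones. The sample input is the three names copied from this section.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Windows page-protection constants (winnt.h). These values are certain.
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# MEMORY_BASIC_INFORMATION.Type values (winnt.h). Also certain.
MEM_TYPE = {0x00020000: "MEM_PRIVATE", 0x00040000: "MEM_MAPPED", 0x01000000: "MEM_IMAGE"}
WRITABLE = {"PAGE_READWRITE", "PAGE_WRITECOPY", "PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY"}

# ASSUMED layout of a Joe Sandbox .sdmp name, inferred only from the names on
# this page:  proc.run.dumpid.base.protection.raw6.type.raw8.sdmp
# Fields 6 and 8 are kept raw because the page does not document them.
SDMP_RE = re.compile(
    r"^([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.(\d+)\.([0-9A-Fa-f]{16})"
    r"\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass
class MemoryRegion:
    process_index: int          # assumed: analysis-local process number
    run: int                    # assumed: dump run within the analysis
    base: int
    protection: str
    region_type: str
    raw_field6: int             # undocumented on the page, kept as-is
    raw_field8: int             # undocumented on the page, kept as-is
    pe_backed: Optional[bool]   # the report's "based on PE:" annotation

    @property
    def executable(self) -> bool:
        return self.protection.startswith("PAGE_EXECUTE")

    @property
    def writable(self) -> bool:
        return self.protection in WRITABLE


def parse_sdmp_name(name: str, pe_backed: Optional[bool] = None) -> MemoryRegion:
    """Decode one .sdmp file name into a MemoryRegion (layout assumed, see above)."""
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised .sdmp name: {name}")
    proc, run, _dump_id, base, prot, f6, mtype, f8 = m.groups()
    prot_val = int(prot, 16) & 0xFF           # drop PAGE_GUARD / PAGE_NOCACHE modifier bits
    type_val = int(mtype, 16)
    return MemoryRegion(
        process_index=int(proc, 16), run=int(run, 16), base=int(base, 16),
        protection=PAGE_PROTECTION.get(prot_val, f"0x{prot_val:02x}"),
        region_type=MEM_TYPE.get(type_val, f"0x{type_val:08x}"),
        raw_field6=int(f6, 16), raw_field8=int(f8, 16), pe_backed=pe_backed,
    )


def triage(region: MemoryRegion) -> str:
    """Classify a dumped region by what its protection and backing imply."""
    if region.executable and region.writable:
        if region.region_type == "MEM_PRIVATE" and not region.pe_backed:
            return "rwx-private: code not backed by any PE image (unpacked or injected payload)"
        return "rwx-image: writable code inside a mapped module (self-modifying or unpacked in place)"
    if region.executable:
        return "executable"
    return "non-executable"


# Constructed sample: three file names copied from this report section, paired
# with the "based on PE" annotation shown for the source file they belong to.
REPORT_DUMPS = [
    ("00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp", True),
    ("00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp", True),
    ("00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp", False),
]


def triage_report_dumps(dumps=REPORT_DUMPS) -> dict:
    """Map each region's base address (hex string) to its triage verdict."""
    out = {}
    for name, pe_backed in dumps:
        r = parse_sdmp_name(name, pe_backed)
        out[f"0x{r.base:08X}"] = triage(r)
    return out


if __name__ == "__main__":
    for base, verdict in triage_report_dumps().items():
        print(base, verdict)
```

The verdict for 0x04D60000 is the one to act on: a private, executable and writable region with no PE behind it is where an unpacked or injected payload lives, so that dump is the first candidate to carve and re-scan, whereas the RWX region at 0x00211000 inside the mapped module points at code that is rewritten in place. If a name ever fails the regular expression, the assumed layout is wrong for that report version and the fields should be re-checked by hand rather than trusted.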
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d60000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f562cc777e18a7c81faf730cefd7517ba3f1a407d26dabe5cde5608919ddf7c9
                                  • Instruction ID: 319b339eb977d78ae2d6670837eebb828c7d897283d6e595e4882599e1402994
                                  • Opcode Fuzzy Hash: f562cc777e18a7c81faf730cefd7517ba3f1a407d26dabe5cde5608919ddf7c9
                                  • Instruction Fuzzy Hash: D2112BFB34C110BF7542D1966B24AFB67ADD1D6B71330C826F847D2102F298AE4A2131
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d60000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e9547f5388ad53c59c1f15b432c7099034ca77289701b018d1ec5d0bd1abd525
                                  • Instruction ID: 097b08e442cf75c762d93e001e79833d86951f91abde1fa1beb1233ff7858c4c
                                  • Opcode Fuzzy Hash: e9547f5388ad53c59c1f15b432c7099034ca77289701b018d1ec5d0bd1abd525
                                  • Instruction Fuzzy Hash: F21128EB34C210BE7552C1867B14AFB676DE1D6731330C827F847D6602F298AE4A6232
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d60000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e4d8e289cba85414bcee4f5467bae93e2af85eb37d29094ee2d367de92962ef1
                                  • Instruction ID: 5c8ded325ceb48cb71d1369e6489da9520dd0b4ff2936de0660333de5936f12d
                                  • Opcode Fuzzy Hash: e4d8e289cba85414bcee4f5467bae93e2af85eb37d29094ee2d367de92962ef1
                                  • Instruction Fuzzy Hash: D1113DBB34D2107F7652C5867B24AFB676DD5D6A31330C867F447C6502E298AE4E2231
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d60000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2af2b2c8e4400d164f61bd9a4a66132a5a9da25774c57153f75a6a82bc0895a1
                                  • Instruction ID: 5ae5d8a91fa72dd8693036eee0f187940575ba83d0b1b2fa2d2f46519d7b091e
                                  • Opcode Fuzzy Hash: 2af2b2c8e4400d164f61bd9a4a66132a5a9da25774c57153f75a6a82bc0895a1
                                  • Instruction Fuzzy Hash: FC11F8FB34C211BE7642C5866B14AFB676DE5C6730370C827F847C6506E298AE4A6231
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d60000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2ed3863b8b5e0d8d127c88c369666d706ff8fc8ce569648f6f8677f15e3af7e4
                                  • Instruction ID: 4797b86b1e370394db9aaa1fac795bbf5bea6b15106e84d01ecf61435e03ae1a
                                  • Opcode Fuzzy Hash: 2ed3863b8b5e0d8d127c88c369666d706ff8fc8ce569648f6f8677f15e3af7e4
                                  • Instruction Fuzzy Hash: 53014CBB3481107F7642C5857B14AFB676DE1D6731331C867F447C2102F298AE496231
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_4d60000_MPGPH131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c958836e49012289e815dbcf87d738543c28253135ea0cabf08d4fc7e9347804
                                  • Instruction ID: 6479b4d1f2533645c040e789242fbff990232b7d78a0cb61572fb17f3a931a6d
                                  • Opcode Fuzzy Hash: c958836e49012289e815dbcf87d738543c28253135ea0cabf08d4fc7e9347804
                                  • Instruction Fuzzy Hash: DD01A2EB34C1117F7A02D4956B18AFB2B6DE2D6A31331D827F887C6102F295EE4A2131
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction ID: 83abcd7b636bf3b21254bdbcf1981523a114d196973ea6ca797c36fdcfedefd5
                                  • Opcode Fuzzy Hash: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction Fuzzy Hash: 78025B71E1121E9BDF14CFA9C9806AEFBF5FF48354F248269D615E7380DB31A9118B90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027F833
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027F855
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027F875
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027F89F
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027F90D
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0027F959
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0027F973
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027FA08
                                  • std::_Facet_Register.LIBCPMT ref: 0027FA15
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                  • String ID: bad locale name$"3
                                  • API String ID: 3375549084-1389453244
                                  • Opcode ID: cdba6cf1ea1697433d7b3eddab051c5d8ff21cb65df40ed62f48b581e9543429
                                  • Instruction ID: cef10b3714573bc59108436e8523610d60d4eb83f1ab6cdf9119d2c3bd9aaa4b
                                  • Opcode Fuzzy Hash: cdba6cf1ea1697433d7b3eddab051c5d8ff21cb65df40ed62f48b581e9543429
                                  • Instruction Fuzzy Hash: 7B61C0B5D24249DBDF51DFA4C945B9EBBF4AF15310F188068E809AB381EB70E914CF92
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00213E7F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: @3!$@3!$G>!$G>!$`!!$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-720226797
                                  • Opcode ID: 6f19d3dc6d7efca15155186f71feb773e3a936cabd06d1d72de0ba5616a7670f
                                  • Instruction ID: f49b27608e178109a802485c39666955834b77e349be59f1d36219cc59aa74bf
                                  • Opcode Fuzzy Hash: 6f19d3dc6d7efca15155186f71feb773e3a936cabd06d1d72de0ba5616a7670f
                                  • Instruction Fuzzy Hash: 9541C6B6910208AFCB08DF58D845BEEF7F9EF49310F14852AF919D7741E770AA508BA0
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 002F2E47
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 002F2E4F
                                  • _ValidateLocalCookies.LIBCMT ref: 002F2ED8
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 002F2F03
                                  • _ValidateLocalCookies.LIBCMT ref: 002F2F58
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: i4$csm
                                  • API String ID: 1170836740-3943644863
                                  • Opcode ID: 6ae6c4a546261426fa0133802aa83351caa0c887065b02f9fbb3cb5719c51b1c
                                  • Instruction ID: 735b155ecf70a961db9d1f00c1592712b822c92ba1edca731be5c8a50cc0bd35
                                  • Opcode Fuzzy Hash: 6ae6c4a546261426fa0133802aa83351caa0c887065b02f9fbb3cb5719c51b1c
                                  • Instruction Fuzzy Hash: D941F730A2020DDBCF10DF68C840AAEFBB5AF46354F148165EA059B392C731EE69CB90
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00213E7F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: @3!$@3!$`!!$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-996552614
                                  • Opcode ID: b8decce4d501a5cab286eaad5dafaaba56eba68085f2c22853401b36395cf1ec
                                  • Instruction ID: 471198f9ff8072cf2b13f891cf688cd196ef2a7842b675b4408ac3e3b3ef4eb0
                                  • Opcode Fuzzy Hash: b8decce4d501a5cab286eaad5dafaaba56eba68085f2c22853401b36395cf1ec
                                  • Instruction Fuzzy Hash: 372127B69103056FC714DF58D841BD6B7DDAF18320F08883AFA68CB642E770EA64CB90
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00214F72
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00214FFF
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 002150C8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy$___std_exception_copy
                                  • String ID: @3!$`!!$recursive_directory_iterator::operator++
                                  • API String ID: 1206660477-2720571213
                                  • Opcode ID: 8e5ac4dfbbf2a931ce9dbddd976250b0ab4a81c920c1908ac50e0d61d38f88f1
                                  • Instruction ID: 5aa0f32262be9ad25205bc67a60e94e4b8698033834c44acacca94e62274ad1a
                                  • Opcode Fuzzy Hash: 8e5ac4dfbbf2a931ce9dbddd976250b0ab4a81c920c1908ac50e0d61d38f88f1
                                  • Instruction Fuzzy Hash: C5E103719102049FCB18EF68D845BAEF7F9FF58300F148A2DE45A93B81D774A964CBA1
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021799A
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00217B75
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$out_of_range$type_error
                                  • API String ID: 2659868963-1666391579
                                  • Opcode ID: 292d02c5f627d3da7a3b3346b080c4c70e6c4b51fe5901976b2d89c7fdace369
                                  • Instruction ID: 4d5a7ffcd50fdb7e3feccb2f5f4a5423edc9219a7bae2d2e06b5bbc388c75c97
                                  • Opcode Fuzzy Hash: 292d02c5f627d3da7a3b3346b080c4c70e6c4b51fe5901976b2d89c7fdace369
                                  • Instruction Fuzzy Hash: BEC169B19102088FDB18CFA8D98479EFBF5FF49310F14866AE419EB741E774A990CB90
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 002132C6
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00213350
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy___std_exception_destroy
                                  • String ID: +4!$@3!$`!!$`!!
                                  • API String ID: 2970364248-3890975345
                                  • Opcode ID: 03390aee0d23d1c9a4c680c38599c687bd6acce4cbd3363f1923985921673a68
                                  • Instruction ID: afeca24145922b3632000cb0720f2de8ac719443e6eadf27461abc6269802549
                                  • Opcode Fuzzy Hash: 03390aee0d23d1c9a4c680c38599c687bd6acce4cbd3363f1923985921673a68
                                  • Instruction Fuzzy Hash: FB51AF719102089FDB09DF98D885BEEFBFAFF59310F148129E815A7381D774AA91CB90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00213A58
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00213AA4
                                  • __Getctype.LIBCPMT ref: 00213ABA
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00213AE6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00213B7B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                  • String ID: bad locale name
                                  • API String ID: 1840309910-1405518554
                                  • Opcode ID: 89549f8df474daad7019168316612d7e579303f3960b5fb227f0de43508b6eb5
                                  • Instruction ID: 71d03d78808552b2f4fc8d9c45055f74f1d1536628851dcf6df7e1bdb50a0a8c
                                  • Opcode Fuzzy Hash: 89549f8df474daad7019168316612d7e579303f3960b5fb227f0de43508b6eb5
                                  • Instruction Fuzzy Hash: E1518FB1D102489BEF10DFA5D885BDEFBF9AF14314F184069E809AB381E774DA54CBA1
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027DE93
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0027DEB6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027DED6
                                  • std::_Facet_Register.LIBCPMT ref: 0027DF4B
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0027DF63
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0027DF7B
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                  • String ID:
                                  • API String ID: 2081738530-0
                                  • Opcode ID: bf9807801212bc3eb9776367e3e997446f2c54024d01eb24ae84d95516d8cf53
                                  • Instruction ID: beb31827efb3eece6397fec8d79a0db4051a0a75452a9d2b6242bf17259f9ca1
                                  • Opcode Fuzzy Hash: bf9807801212bc3eb9776367e3e997446f2c54024d01eb24ae84d95516d8cf53
                                  • Instruction Fuzzy Hash: EA4101759202569FCB15DF54D841AAEBBB8FF12720F148268E8096B352DB30BD20CBD2
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00217340
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$parse error$parse_error
                                  • API String ID: 2659868963-3548305109
                                  • Opcode ID: 4adffc123308ac10be3ce681c0f6a3f0af3723f5d484d2da3113792af916975b
                                  • Instruction ID: 95c3ba380481226956e3b31517d18b998b28076aab7a885352c55c10a2563918
                                  • Opcode Fuzzy Hash: 4adffc123308ac10be3ce681c0f6a3f0af3723f5d484d2da3113792af916975b
                                  • Instruction Fuzzy Hash: 0CE17F709142488FDB18CF68C88479DBBF5FF59300F2482A9E418EB792D774AA91CF91
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 002175BE
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 002175CD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: at line $, column $`!!
                                  • API String ID: 4194217158-2227850838
                                  • Opcode ID: 83cdd58159f537b7dfc98dfbf021a250ce34fc812b745f0ac44cf2638ea91898
                                  • Instruction ID: c1659944ed7395cebbf5c3eb9316e947ee78f2dfde6b2caf844a6239a1021959
                                  • Opcode Fuzzy Hash: 83cdd58159f537b7dfc98dfbf021a250ce34fc812b745f0ac44cf2638ea91898
                                  • Instruction Fuzzy Hash: 2261F671A14205AFDB08DF68DC84BADBBF6FF98300F64462CE415A7781D774AA94CB90
                                  APIs
                                    • Part of subcall function 00213190: ___std_exception_copy.LIBVCRUNTIME ref: 002132C6
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021345F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: +4!$@3!$@3!$`!!
                                  • API String ID: 2659868963-1715996797
                                  • Opcode ID: 14a91be47303de11b3d69a323f3bc15725ccbf372871a3cd0c28853efb2e5d6d
                                  • Instruction ID: f08e496ae6f04b03aaed15d1966e1f85a629c23825ea47a4ac32daa0f7d66a78
                                  • Opcode Fuzzy Hash: 14a91be47303de11b3d69a323f3bc15725ccbf372871a3cd0c28853efb2e5d6d
                                  • Instruction Fuzzy Hash: CE318575910209AFCB19DFA8D841AEDFBF9FB08310F10452AE518D7741D770A690CF94
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0021345F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: +4!$@3!$@3!$`!!
                                  • API String ID: 2659868963-1715996797
                                  • Opcode ID: fc05254cf328883ededbe6766cdf0590881c12736514de55e00c3d3d08a8ff5c
                                  • Instruction ID: ec39ae47b172fb14a1e77cbc7cc0a82fbee4abf440082dd33fdaf182588034b7
                                  • Opcode Fuzzy Hash: fc05254cf328883ededbe6766cdf0590881c12736514de55e00c3d3d08a8ff5c
                                  • Instruction Fuzzy Hash: 25014FBA510609AF8709DFA9D44189AFBFDBF18310700843AE62987611E7B0E564CF90
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00216F11
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00216F20
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: [json.exception.$`!!
                                  • API String ID: 4194217158-2149100017
                                  • Opcode ID: c3381df7e79775179dbf97fff69b68cd2088eab9f4a2a54413af15b949812c1b
                                  • Instruction ID: 63caa4fea697adad10e6034e0d3049fd13fa4e59ed3f2cd2407e5cf6bb34abb0
                                  • Opcode Fuzzy Hash: c3381df7e79775179dbf97fff69b68cd2088eab9f4a2a54413af15b949812c1b
                                  • Instruction Fuzzy Hash: 8291D470A102049FDB18CF68D988BDEFBF6EF55300F20866DE415AB792D771A991CB90
                                  APIs
                                  • std::_Xinvalid_argument.LIBCPMT ref: 00212275
                                    • Part of subcall function 002ED6E9: std::invalid_argument::invalid_argument.LIBCONCRT ref: 002ED6F5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Xinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                  • String ID: string too long$L4$L4
                                  • API String ID: 1997705970-2458504751
                                  • Opcode ID: 296037d0a52e692f84c98c5ab7b65a1af5250fb8032dfdc0d2aa0bcdb93a389f
                                  • Instruction ID: 5f372d11cff458509627a350c105f2e0a0b1eea665717a9f128b801ece91ee80
                                  • Opcode Fuzzy Hash: 296037d0a52e692f84c98c5ab7b65a1af5250fb8032dfdc0d2aa0bcdb93a389f
                                  • Instruction Fuzzy Hash: 20814775A14285DFDB02CF68C4507EDBFF5EF6A300F1841AAE894A7742C37585A9CBA0
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 002177B4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                   • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                   • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$invalid_iterator
                                  • API String ID: 2659868963-2956669300
                                  • Opcode ID: 56f691642fa30cd4bd6a8f5f879afbd6126eeb4ee37d8ee61cef13095301a407
                                  • Instruction ID: 80807dbcb7eb4ac46c057e6e1606d892bfb1699b297e07e50174c8490f9d3836
                                  • Opcode Fuzzy Hash: 56f691642fa30cd4bd6a8f5f879afbd6126eeb4ee37d8ee61cef13095301a407
                                  • Instruction Fuzzy Hash: 6F515AB49102088FDB08CFA8D98479DFBF5FB89310F148669E419EB791E774A990CF90
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00217D67
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: 00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
                                  • Associated: 00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!$other_error
                                  • API String ID: 2659868963-1358939976
                                  • Opcode ID: ebbe80e0a319e6f310339154c14b398ff60afc83df3d53ffde16fdfad303368e
                                  • Instruction ID: 4eb6d5af361b7fa197aa783f44b61775f1f0b9ceb0c20f125b7fb74729ccef09
                                  • Opcode Fuzzy Hash: ebbe80e0a319e6f310339154c14b398ff60afc83df3d53ffde16fdfad303368e
                                  • Instruction Fuzzy Hash: FA515AB09102488FDB18CFA8E8847EDFBF5BF49300F148669E459EB741E774A990CB51
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0027D06F
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0027D096
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: the same eleven .sdmp regions listed for the preceding function (00000007.00000002.3788018220.0000000000210000 through 00000007.00000002.3789438907.00000000007AD000)
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: 770dd1bd0c26611c31851f69b79bd0d6ab7377aead4bfbfbbd1c0d013100dd9b
                                  • Instruction ID: ea97fb3ebcd2abc18d4ea8ca88597ff2ed48c170b3bfe86f5acc8e13d7d3cc24
                                  • Opcode Fuzzy Hash: 770dd1bd0c26611c31851f69b79bd0d6ab7377aead4bfbfbbd1c0d013100dd9b
                                  • Instruction Fuzzy Hash: 6F01A4BA50060AAF8709DF59D445896FBF9FB49710700853BA629CBB11E7B0F568CFA0
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0028B3DF
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0028B406
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: the same eleven .sdmp regions listed for the preceding function (00000007.00000002.3788018220.0000000000210000 through 00000007.00000002.3789438907.00000000007AD000)
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: 7a514dc8ad901c64981dc73cc816b082501888a0704fe8554fec48844ea073c5
                                  • Instruction ID: 9d7df70f6e7d34e04a321e0e27ff8ab808da5f7b370c162b2825dcbc3a06c15e
                                  • Opcode Fuzzy Hash: 7a514dc8ad901c64981dc73cc816b082501888a0704fe8554fec48844ea073c5
                                  • Instruction Fuzzy Hash: 06F0C9BA500605AF8709DF54D445896FBEDFA49710301853BE62ACB701E7B0E564CFA0
                                  APIs
                                  • std::_Xinvalid_argument.LIBCPMT ref: 0028B612
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: the same eleven .sdmp regions listed for the preceding function (00000007.00000002.3788018220.0000000000210000 through 00000007.00000002.3789438907.00000000007AD000)
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: Xinvalid_argumentstd::_
                                  • String ID: Px($invalid hash bucket count
                                  • API String ID: 909987262-3311336540
                                  • Note: "invalid hash bucket count" is the message the MSVC STL <xhash> header passes to std::_Xinvalid_argument from std::unordered_map/unordered_set rehashing, so this function is statically linked library code rather than sample-specific logic.
                                  • Opcode ID: 16d5219eed1dd4386e140163b41af27109c1de16839d133d0a5f287038371092
                                  • Instruction ID: 4d922427420b3b3b5f9a9d8d997b18c8e64b0c38ce1df7cf0378fe456f114c3b
                                  • Opcode Fuzzy Hash: 16d5219eed1dd4386e140163b41af27109c1de16839d133d0a5f287038371092
                                  • Instruction Fuzzy Hash: D37110B8A11605DFCB15DF48C18086AFBB9FF88300764C5AED8199B396D731EA52CF90
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0028E491
                                  Strings
                                  • type must be string, but is , xrefs: 0028E4F8
                                  • type must be boolean, but is , xrefs: 0028E582
                                  • Note: both strings are the type_error messages emitted by the nlohmann/json library's from_json conversions, so this function is bundled JSON library code; the sample's own use of JSON is what deserves attention, not this routine.
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: the same eleven .sdmp regions listed for the preceding function (00000007.00000002.3788018220.0000000000210000 through 00000007.00000002.3789438907.00000000007AD000)
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID: type must be boolean, but is $type must be string, but is
                                  • API String ID: 118556049-436076039
                                  • Opcode ID: 7a9c7305f4d1bb16931084e2c2323a77d5be0f10e141f37551cb94381bc1e6c5
                                  • Instruction ID: a635489aa732adc2b4759992f303e85a469d67d3104ea5e39027a11dce199853
                                  • Opcode Fuzzy Hash: 7a9c7305f4d1bb16931084e2c2323a77d5be0f10e141f37551cb94381bc1e6c5
                                  • Instruction Fuzzy Hash: C0416DB5910248AFDB14FBA4D802BDEB7A8DB14310F148578F419D77C2EB35E964CB91
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00213078
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp, Offset: 00210000, based on PE: true
                                  • Associated: the same eleven .sdmp regions listed for the preceding function (00000007.00000002.3788018220.0000000000210000 through 00000007.00000002.3789438907.00000000007AD000)
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_210000_MPGPH131.jbxd
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: `!!$`!!
                                  • API String ID: 2659868963-2180691272
                                  • Opcode ID: d7d7c47e46c7553b45d16e06dfe283e4ae8ce367466ff934851d90e230749fa9
                                  • Instruction ID: 212a53dcb06685420b27ffa7a84bd05fec3cd058acbdbd15169ad05476d6f597
                                  • Opcode Fuzzy Hash: d7d7c47e46c7553b45d16e06dfe283e4ae8ce367466ff934851d90e230749fa9
                                  • Instruction Fuzzy Hash: C3E0EDB69112089FC711DFA898459CAFFE8AB19711F0086BAE948D7301F6B095948BD1

                                  Execution Graph

                                  Execution Coverage: 3.2%
                                  Dynamic/Decrypted Code Coverage: 0.9%
                                  Signature Coverage: 0%
                                  Total number of Nodes: 655
                                  Total number of Limit Nodes: 68
                                  execution_graph (the page's graph source, a flat token stream in which each node is written as "<id> <address> [API or function labels]" and each edge as "<src>-><dst>"; the rendered graph itself is not reproduced here). What the stream records:
                                  • Entry nodes: 19140 at address 8a3a40 and 18409 at address 84a210.
                                  • 8a3a40 cluster: 8a3a73 and 8a3b28 call GetPEB, 8a3ae8 and 8a3b9d call Sleep, and both Sleep nodes loop back to 8a3a55, i.e. a loop that reads the PEB and sleeps between checks.
                                  • 84a210 cluster: the remaining nodes are CRT and STL helpers (__fread_nolock, __Getctype, __dosmaperr, __freea, std::locale::_Setgloballocale, std::_Lockit, std::_Locinfo::_Locinfo_ctor, ___std_exception_copy, Concurrency::cancel_current_task, _ValidateLocalCookies) that bottom out in RtlAllocateHeap; the only other Windows APIs named in this cluster are SetFilePointerEx at 92e08a and WriteFile at 935609.
18913->18914 18927 924ae3 18913->18927 18914->18902 18934 92df37 18916->18934 18918 9249a0 18918->18911 18918->18913 18918->18914 18920 924cbd 18919->18920 18921 935f82 __fread_nolock RtlAllocateHeap 18920->18921 18922 924cd9 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18921->18922 18923 92e11f 2 API calls 18922->18923 18926 924ce5 _ValidateLocalCookies 18922->18926 18924 924d39 18923->18924 18925 92e11f 2 API calls 18924->18925 18924->18926 18925->18926 18926->18914 18928 935f82 __fread_nolock RtlAllocateHeap 18927->18928 18929 924af6 18928->18929 18930 92e11f 2 API calls 18929->18930 18933 924b40 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 18929->18933 18931 924b9d 18930->18931 18932 92e11f 2 API calls 18931->18932 18931->18933 18932->18933 18933->18914 18936 92df43 __fread_nolock 18934->18936 18935 92df4b 18935->18918 18936->18935 18937 92df86 18936->18937 18939 92dfcc 18936->18939 18938 924723 __fread_nolock RtlAllocateHeap 18937->18938 18938->18935 18939->18935 18940 92e05c __fread_nolock 2 API calls 18939->18940 18940->18935 18942 8b06a9 18941->18942 18946 8b0585 18941->18946 18943 842270 RtlAllocateHeap 18942->18943 18944 8b06ae 18943->18944 18945 8421d0 Concurrency::cancel_current_task RtlAllocateHeap 18944->18945 18954 8b05aa __fread_nolock std::locale::_Locimp::_Locimp 18945->18954 18948 8b05e3 18946->18948 18949 8b05f0 18946->18949 18951 8b059a 18946->18951 18947 91f290 std::_Facet_Register RtlAllocateHeap 18947->18954 18948->18944 18948->18951 18953 91f290 std::_Facet_Register RtlAllocateHeap 18949->18953 18949->18954 18950 9247b0 RtlAllocateHeap 18952 8b06b8 18950->18952 18951->18947 18953->18954 18954->18950 18955 8b0667 __fread_nolock std::locale::_Locimp::_Locimp 18954->18955 18955->18481 18957 92dc08 __fread_nolock 18956->18957 18958 92dc52 __fread_nolock 18957->18958 18959 92dc1b __fread_nolock 18957->18959 18963 92dc40 __fread_nolock 18957->18963 18965 92da06 18958->18965 18960 92d23f __dosmaperr RtlAllocateHeap 18959->18960 18962 92dc35 
18960->18962 18964 9247a0 __fread_nolock RtlAllocateHeap 18962->18964 18963->18485 18964->18963 18968 92da18 __fread_nolock 18965->18968 18971 92da35 18965->18971 18966 92da25 18967 92d23f __dosmaperr RtlAllocateHeap 18966->18967 18969 92da2a 18967->18969 18968->18966 18968->18971 18973 92da76 __fread_nolock 18968->18973 18970 9247a0 __fread_nolock RtlAllocateHeap 18969->18970 18970->18971 18971->18963 18972 92dba1 __fread_nolock 18976 92d23f __dosmaperr RtlAllocateHeap 18972->18976 18973->18971 18973->18972 18975 935f82 __fread_nolock RtlAllocateHeap 18973->18975 18978 934623 18973->18978 19037 928a2b 18973->19037 18975->18973 18976->18969 18979 934635 18978->18979 18980 93464d 18978->18980 18981 92d22c __dosmaperr RtlAllocateHeap 18979->18981 18982 93498f 18980->18982 18986 934690 18980->18986 18983 93463a 18981->18983 18984 92d22c __dosmaperr RtlAllocateHeap 18982->18984 18985 92d23f __dosmaperr RtlAllocateHeap 18983->18985 18987 934994 18984->18987 18988 934642 18985->18988 18986->18988 18989 93469b 18986->18989 18994 9346cb 18986->18994 18990 92d23f __dosmaperr RtlAllocateHeap 18987->18990 18988->18973 18991 92d22c __dosmaperr RtlAllocateHeap 18989->18991 18992 9346a8 18990->18992 18993 9346a0 18991->18993 18996 9247a0 __fread_nolock RtlAllocateHeap 18992->18996 18995 92d23f __dosmaperr RtlAllocateHeap 18993->18995 18997 9346e4 18994->18997 18998 9346f1 18994->18998 18999 93471f 18994->18999 18995->18992 18996->18988 18997->18998 19024 93470d 18997->19024 19000 92d22c __dosmaperr RtlAllocateHeap 18998->19000 19051 936e2d 18999->19051 19001 9346f6 19000->19001 19004 92d23f __dosmaperr RtlAllocateHeap 19001->19004 19007 9346fd 19004->19007 19005 940d44 __fread_nolock RtlAllocateHeap 19016 93486b 19005->19016 19006 936db3 __freea RtlAllocateHeap 19008 934739 19006->19008 19009 9247a0 __fread_nolock RtlAllocateHeap 19007->19009 19010 936db3 __freea RtlAllocateHeap 19008->19010 19036 934708 __fread_nolock 19009->19036 19012 934740 19010->19012 19011 9348e3 ReadFile 
19013 9348fb 19011->19013 19017 934957 19011->19017 19014 934765 19012->19014 19015 93474a 19012->19015 19013->19017 19018 9348d4 19013->19018 19021 92e13d __fread_nolock 2 API calls 19014->19021 19019 92d23f __dosmaperr RtlAllocateHeap 19015->19019 19016->19011 19025 93489b 19016->19025 19022 934964 19017->19022 19033 9348b5 19017->19033 19027 934920 19018->19027 19028 934937 19018->19028 19018->19036 19023 93474f 19019->19023 19020 936db3 __freea RtlAllocateHeap 19020->18988 19021->19024 19026 92d23f __dosmaperr RtlAllocateHeap 19022->19026 19029 92d22c __dosmaperr RtlAllocateHeap 19023->19029 19024->19005 19025->19018 19025->19033 19030 934969 19026->19030 19062 934335 19027->19062 19028->19036 19072 93417b 19028->19072 19029->19036 19034 92d22c __dosmaperr RtlAllocateHeap 19030->19034 19033->19036 19057 92d1e5 19033->19057 19034->19036 19036->19020 19038 928a3c 19037->19038 19044 928a38 std::locale::_Locimp::_Locimp 19037->19044 19039 928a43 19038->19039 19043 928a56 __fread_nolock 19038->19043 19040 92d23f __dosmaperr RtlAllocateHeap 19039->19040 19041 928a48 19040->19041 19042 9247a0 __fread_nolock RtlAllocateHeap 19041->19042 19042->19044 19043->19044 19045 928a84 19043->19045 19046 928a8d 19043->19046 19044->18973 19047 92d23f __dosmaperr RtlAllocateHeap 19045->19047 19046->19044 19049 92d23f __dosmaperr RtlAllocateHeap 19046->19049 19048 928a89 19047->19048 19050 9247a0 __fread_nolock RtlAllocateHeap 19048->19050 19049->19048 19050->19044 19052 936e6b 19051->19052 19053 936e3b __Getctype std::_Facet_Register 19051->19053 19054 92d23f __dosmaperr RtlAllocateHeap 19052->19054 19053->19052 19055 936e56 RtlAllocateHeap 19053->19055 19056 934730 19054->19056 19055->19053 19055->19056 19056->19006 19058 92d22c __dosmaperr RtlAllocateHeap 19057->19058 19059 92d1f0 __dosmaperr 19058->19059 19060 92d23f __dosmaperr RtlAllocateHeap 19059->19060 19061 92d203 19060->19061 19061->19036 19076 93402e 19062->19076 19065 9343d7 19069 934391 __fread_nolock 19065->19069 
19070 92e13d __fread_nolock 2 API calls 19065->19070 19066 9343c7 19068 92d23f __dosmaperr RtlAllocateHeap 19066->19068 19067 93437d 19067->19036 19068->19067 19069->19067 19071 92d1e5 __dosmaperr RtlAllocateHeap 19069->19071 19070->19069 19071->19067 19074 9341b5 19072->19074 19073 934246 19073->19036 19074->19073 19075 92e13d __fread_nolock 2 API calls 19074->19075 19075->19073 19077 934062 19076->19077 19078 9340ce 19077->19078 19079 92e13d __fread_nolock 2 API calls 19077->19079 19078->19065 19078->19066 19078->19067 19078->19069 19079->19078 19081 928acf __fread_nolock 19080->19081 19082 928ad9 19081->19082 19085 928afc __fread_nolock 19081->19085 19083 924723 __fread_nolock RtlAllocateHeap 19082->19083 19084 928af4 19083->19084 19084->18489 19085->19084 19087 928b5a 19085->19087 19088 928b67 19087->19088 19089 928b8a 19087->19089 19090 924723 __fread_nolock RtlAllocateHeap 19088->19090 19091 928b82 19089->19091 19092 9255d3 4 API calls 19089->19092 19090->19091 19091->19084 19093 928ba2 19092->19093 19101 936ded 19093->19101 19096 935f82 __fread_nolock RtlAllocateHeap 19097 928bb6 19096->19097 19105 934a3f 19097->19105 19100 936db3 __freea RtlAllocateHeap 19100->19091 19102 936e04 19101->19102 19103 928baa 19101->19103 19102->19103 19104 936db3 __freea RtlAllocateHeap 19102->19104 19103->19096 19104->19103 19106 934a68 19105->19106 19111 928bbd 19105->19111 19107 934ab7 19106->19107 19109 934a8f 19106->19109 19108 924723 __fread_nolock RtlAllocateHeap 19107->19108 19108->19111 19112 9349ae 19109->19112 19111->19091 19111->19100 19113 9349ba __fread_nolock 19112->19113 19115 9349f9 19113->19115 19116 934b12 19113->19116 19115->19111 19117 93a6de __fread_nolock RtlAllocateHeap 19116->19117 19120 934b22 19117->19120 19118 934b28 19128 93a64d 19118->19128 19120->19118 19121 934b5a 19120->19121 19122 93a6de __fread_nolock RtlAllocateHeap 19120->19122 19121->19118 19123 93a6de __fread_nolock RtlAllocateHeap 19121->19123 19125 934b51 19122->19125 19124 934b66 
FindCloseChangeNotification 19123->19124 19124->19118 19126 93a6de __fread_nolock RtlAllocateHeap 19125->19126 19126->19121 19127 934b80 __fread_nolock 19127->19115 19129 93a65c 19128->19129 19130 92d23f __dosmaperr RtlAllocateHeap 19129->19130 19133 93a686 19129->19133 19131 93a6c8 19130->19131 19132 92d22c __dosmaperr RtlAllocateHeap 19131->19132 19132->19133 19133->19127 19134 85e0a0 WSAStartup 19135 85e0d8 19134->19135 19136 85e1a7 19134->19136 19135->19136 19137 85e175 socket 19135->19137 19137->19136 19138 85e18b connect 19137->19138 19138->19136 19139 85e19d closesocket 19138->19139 19139->19136 19139->19137 20265 53a0210 20266 53a0213 GetCurrentHwProfileW 20265->20266 20268 53a0267 20265->20268 20266->20268 19147 92d168 19148 92d17b __fread_nolock 19147->19148 19153 92cf4a 19148->19153 19150 92d190 19151 9244dc __fread_nolock RtlAllocateHeap 19150->19151 19152 92d19d 19151->19152 19154 92cf58 19153->19154 19159 92cf80 19153->19159 19155 92cf87 19154->19155 19156 92cf65 19154->19156 19154->19159 19161 92cea3 19155->19161 19157 924723 __fread_nolock RtlAllocateHeap 19156->19157 19157->19159 19159->19150 19160 92cfbf 19160->19150 19162 92ceaf __fread_nolock 19161->19162 19165 92cefe 19162->19165 19164 92ceca 19164->19160 19172 938644 19165->19172 19192 938606 19172->19192 19174 92cf16 19179 92cfc1 19174->19179 19175 938655 19175->19174 19176 936e2d __fread_nolock 2 API calls 19175->19176 19177 9386ae 19176->19177 19178 936db3 __freea RtlAllocateHeap 19177->19178 19178->19174 19182 92cfd3 19179->19182 19183 92cf34 19179->19183 19180 92cfe1 19181 924723 __fread_nolock RtlAllocateHeap 19180->19181 19181->19183 19182->19180 19182->19183 19187 92d017 std::locale::_Locimp::_Locimp 19182->19187 19188 9386ef 19183->19188 19184 9255d3 4 API calls 19184->19187 19185 935f82 __fread_nolock RtlAllocateHeap 19185->19187 19186 93538b 4 API calls 19186->19187 19187->19183 19187->19184 19187->19185 19187->19186 19189 9386fa 19188->19189 19191 92cf40 19188->19191 19190 9255d3 4 
API calls 19189->19190 19189->19191 19190->19191 19191->19164 19193 938612 19192->19193 19194 93863c 19193->19194 19195 935f82 __fread_nolock RtlAllocateHeap 19193->19195 19194->19175 19196 93862d 19195->19196 19197 940d44 __fread_nolock RtlAllocateHeap 19196->19197 19198 938633 19197->19198 19198->19175 20269 53a0207 20270 53a0219 GetCurrentHwProfileW 20269->20270 20272 53a0267 20270->20272

                                  Control-flow Graph

                                  APIs
                                  • Sleep.KERNELBASE(000003E9,?,00000001,00000000,?,?,?,?,?,?,?,?,008A3DB6), ref: 008A3B08
                                  • Sleep.KERNELBASE(00000001,?,00000001,00000000,?,?,?,?,?,?,?,?,008A3DB6), ref: 008A3BBA
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: a1c9bd2069d4c19498953f2d538d52cf49b6dde6daca7f6786b2d8bae90b9e47
                                  • Instruction ID: dd7ef8869abac888e46c86597bca17e932321653afbffe390f73026569a18417
                                  • Opcode Fuzzy Hash: a1c9bd2069d4c19498953f2d538d52cf49b6dde6daca7f6786b2d8bae90b9e47
                                  • Instruction Fuzzy Hash: B251CC35A046298FDB24CF58C8D0EAAB3B2FF46714B284599E445AFB51D731FE06CB90

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startupclosesocketconnectsocket
                                  • String ID:
                                  • API String ID: 3098855095-0
                                  • Opcode ID: e245437f3077db594f4ab876defb5afda3faf22c3696b98fb2fa330c6182e01d
                                  • Instruction ID: 8cccd600e21df44e084c9d0862b66b8cebd9b0776428853490a1b12bd82834f5
                                  • Opcode Fuzzy Hash: e245437f3077db594f4ab876defb5afda3faf22c3696b98fb2fa330c6182e01d
                                  • Instruction Fuzzy Hash: 6731AF726447006BD7209F248C89B2BB7E8FB85736F015F1DFDA8962D0E33199088B92

                                  Control-flow Graph

                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 25e757d747eead786977d05ea2f3af8078cdbe4b7f3ac70e58d979c95b0c73aa
                                  • Instruction ID: edb130c78d16f1676f4a27e0e524de23588b01700d2876e50703cff54a57e2d0
                                  • Opcode Fuzzy Hash: 25e757d747eead786977d05ea2f3af8078cdbe4b7f3ac70e58d979c95b0c73aa
                                  • Instruction Fuzzy Hash: 95B13470E04249AFDB11DFA8E841BAEBBB9EF86300F154158E554AB392C774BD41CF61

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: __fread_nolock
                                  • String ID:
                                  • API String ID: 2638373210-0
                                  • Opcode ID: 5d1da4e1b43505445c994e79d62429714658ca75d30394b83c9ee1e08db8d7aa
                                  • Instruction ID: 23dc475e55d3d9984fef2b7ef51e9567fb1d157c745fc089272a9d04b9077a25
                                  • Opcode Fuzzy Hash: 5d1da4e1b43505445c994e79d62429714658ca75d30394b83c9ee1e08db8d7aa
                                  • Instruction Fuzzy Hash: C1714771940218AFDB18DF68DC49BAEB7E8FF81700F10856DF809DB782E7B599418792

                                  Control-flow Graph

                                  APIs
                                  • WriteFile.KERNELBASE(?,00000000,00929087,?,00000000,00000000,00000000,?,00000000,?,0084A3EB,00929087,00000000,0084A3EB,?,?), ref: 00935621
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: 3dedab9a5eb99e8515afacaebcb9792e58cb47bd661440acfdc6edf1fb35f941
                                  • Instruction ID: 10fe554788715e77129bb512c80520e137e4656dd5f73f1620b379a5476f1365
                                  • Opcode Fuzzy Hash: 3dedab9a5eb99e8515afacaebcb9792e58cb47bd661440acfdc6edf1fb35f941
                                  • Instruction Fuzzy Hash: 6F61B0B2D04519AFDF11DFA8C845EEEBBBAAF4D308F160545F804A7215D375E9418FA0

                                  Control-flow Graph
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053A0252
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3794089756.00000000053A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_53a0000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: be05b64305698f68568b850385ba7d79b9c1ef23fd72538dffec1e222cc3c81e
                                  • Instruction ID: 027786b70f1fa1799184c17cfaa0b88176e03771deee6bfd3b92df89f06e49a1
                                  • Opcode Fuzzy Hash: be05b64305698f68568b850385ba7d79b9c1ef23fd72538dffec1e222cc3c81e
                                  • Instruction Fuzzy Hash: 244127EB50C210EEA14ED6E15B5C9FA6B2FF6A7330731806AB447E6E42F6C51B584432

                                  Control-flow Graph
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053A0252
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3794089756.00000000053A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_53a0000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: c7e0a91298dce28e21efb9aa1371f00764f0d88ff71e120f399bd4e983140848
                                  • Instruction ID: 5773c2220af17073b2f52629d1e58f3d054f442b24e9e1f29a48a3a66409c226
                                  • Opcode Fuzzy Hash: c7e0a91298dce28e21efb9aa1371f00764f0d88ff71e120f399bd4e983140848
                                  • Instruction Fuzzy Hash: 483114EB54C210EEA14ED6D25B5C9FA6B2FF6E73307318066B407E6E42F6D40B584432

                                  Control-flow Graph
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053A0252
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3794089756.00000000053A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_53a0000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: ffb4fd1f61e00a37d5fc02654ea1afc2f98d0c332f37a499d7714262bf13ee3a
                                  • Instruction ID: 229558f1badca420bf1286befd5cd25b56d21977b4c93b8c7b173556936e815d
                                  • Opcode Fuzzy Hash: ffb4fd1f61e00a37d5fc02654ea1afc2f98d0c332f37a499d7714262bf13ee3a
                                  • Instruction Fuzzy Hash: 333157EB50C210EEA14ED6D21B5C5FA6B2FF6A73307318066F447E2E42F6D40B584532

                                  Control-flow Graph
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(?), ref: 053A0252
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3794089756.00000000053A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_53a0000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: c86bf8fcf83c07c0dae0af3e5a62e95d79870dee235d3d1f1c8667c2a9741b52
                                  • Instruction ID: 75a553158c7d5b88a689a8cbd937f3b2d5bd9be8598b127e75cf136652e223b5
                                  • Opcode Fuzzy Hash: c86bf8fcf83c07c0dae0af3e5a62e95d79870dee235d3d1f1c8667c2a9741b52
                                  • Instruction Fuzzy Hash: 0E3144EB50C210EEA10ED6E2179C5FA6B2FF6A73307318066F447E2E42F6D40A584432

                                  Control-flow Graph
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1ca5d0952c920614a067471f6a598fcd655e93ea7b0d7f65bc08396349ca8b02
                                  • Instruction ID: a83fd41d6840342f4f3c823865eef64aad5eb94fe45573810560fb840c59488d
                                  • Opcode Fuzzy Hash: 1ca5d0952c920614a067471f6a598fcd655e93ea7b0d7f65bc08396349ca8b02
                                  • Instruction Fuzzy Hash: 7151C870A00228EFDF14DF58DC85AAABFB5EF89354F248158F8499B256D371DE41CB90

                                  Control-flow Graph
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 008B06AE
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID:
                                  • API String ID: 118556049-0
                                  • Opcode ID: 318ca63d53af118050337d2617cc9b2857a3311d5737a2fcb3013cc935154a5b
                                  • Instruction ID: e67ee8b7a0130a12c992bea1da0e33a3dc0d0a9e6acba8d44ccf99c0bcbdde56
                                  • Opcode Fuzzy Hash: 318ca63d53af118050337d2617cc9b2857a3311d5737a2fcb3013cc935154a5b
                                  • Instruction Fuzzy Hash: 0841D572A002289BCB15DF68D9806DF7BA5FF85350F140669F815EB356D730ED608BE1

                                  Control-flow Graph
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,009349F9,00000000,CF830579,00971140,0000000C,00934AB5,00928BBD,?), ref: 00934B68
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  • Opcode ID: c43e2767ad2476cd48f77f91d0ea8ecf642e9944ea2d0ea707105f5faf59635e
                                  • Instruction ID: 055469b9eaccfef36abd134bd6aca65bc6834a5e59b21045b4da6cef4436dadd
                                  • Opcode Fuzzy Hash: c43e2767ad2476cd48f77f91d0ea8ecf642e9944ea2d0ea707105f5faf59635e
                                  • Instruction Fuzzy Hash: D911A633A4422456D32123346806B7EF76E8FC37B8F2B020DF8488B0C2EE21FC815986

                                  Control-flow Graph
                                  APIs
                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,00970DF8,0084A3EB,00000002,0084A3EB,00000000,?,?,?,0092E166,00000000,?,0084A3EB,00000002,00970DF8), ref: 0092E098
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FilePointer
                                  • String ID:
                                  • API String ID: 973152223-0
                                  • Opcode ID: 7ef2f04a57fe1198d4f0e0a472f03b35ce59cfc820935d47856fa54747201f41
                                  • Instruction ID: 34cc2fa67e8ef174fd11c1a046fb2e8645bc7c41da77a1a613650e0c84711c13
                                  • Opcode Fuzzy Hash: 7ef2f04a57fe1198d4f0e0a472f03b35ce59cfc820935d47856fa54747201f41
                                  • Instruction Fuzzy Hash: 16014932615228AFCF05DF19EC45C9E3B29DF81334F240208F8509B2D4E6B1ED429BD0

                                  Control-flow Graph
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0084220E
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID:
                                  • API String ID: 2659868963-0
                                  • Opcode ID: 56600c4e13ce041046437c19c36af837acb259b7c52d405204ed1b9f4d11d4d3
                                  • Instruction ID: ee725df62c810334ae00dffd721428ab22701739eb3fec2494ed99bb94e43e8b
                                  • Opcode Fuzzy Hash: 56600c4e13ce041046437c19c36af837acb259b7c52d405204ed1b9f4d11d4d3
                                  • Instruction Fuzzy Hash: CE012B3650430DABCB14AF98EC1599A7BECDA40310B508835FA18DB551E730E990C795

                                  Control-flow Graph
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,009291F7,00000000,?,00935D79,00000001,00000364,00000000,00000006,000000FF,?,00000000,0092D244,009289C3,009291F7,00000000), ref: 00936435
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: ed6538af59b8d6954c861b41dd61dcbd42ad8188535711874d61c6bf6d287418
                                  • Instruction ID: 5533737820bf65d0da9592118c6ae2488fa901b43e74a8d08f521baaf73876fa
                                  • Opcode Fuzzy Hash: ed6538af59b8d6954c861b41dd61dcbd42ad8188535711874d61c6bf6d287418
                                  • Instruction Fuzzy Hash: 61F08932D4512576DB226F669C0EB5B7B5D9F81774F15C551EC08961A0CA30D8114EE1
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,0093D635,4D88C033,?,0093D635,00000220,?,009357EF,4D88C033), ref: 00936E60
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 51525a97cdfee054299a08840aa0bf0cea2da45db8dd4fe4a3d9a86dd9acbe40
                                  • Instruction ID: 65baeea477a46991584b586740968249d75433063ac2c00adffe79f7a416b467
                                  • Opcode Fuzzy Hash: 51525a97cdfee054299a08840aa0bf0cea2da45db8dd4fe4a3d9a86dd9acbe40
                                  • Instruction Fuzzy Hash: A7E0223A140622B6EB3136A5DC00B5B7B5DCFC23B0F048521FD09920E0CB20CC348DE8
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction ID: f26c70ce3aed86cf07b44611a973a71378612461d28c71c71a59ea3327ca92e5
                                  • Opcode Fuzzy Hash: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction Fuzzy Hash: F5023C75E012299BDF14CFA9D8807AEFBF5FF48314F248269D919E7344DB31A9418B90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008AF833
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008AF855
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008AF875
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008AF89F
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008AF90D
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 008AF959
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 008AF973
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008AFA08
                                  • std::_Facet_Register.LIBCPMT ref: 008AFA15
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                  • String ID: bad locale name$Ps
                                  • API String ID: 3375549084-1174896957
                                  • Opcode ID: 8cd6f05cd935d5273b086ae9be41728ed43b2d94433cec5bdb40eadb6bf180cb
                                  • Instruction ID: e5581424b11cc0f81d66d611584e52fa869d51cc832bb8b353fb206a7e7eb931
                                  • Opcode Fuzzy Hash: 8cd6f05cd935d5273b086ae9be41728ed43b2d94433cec5bdb40eadb6bf180cb
                                  • Instruction Fuzzy Hash: 29619FB1E012589BEB10DFE4D885BDEBBB4FF45310F184068E908E7742D739A945CB92
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00843A58
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00843AA4
                                  • __Getctype.LIBCPMT ref: 00843ABA
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00843AE6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00843B7B
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                  • String ID: bad locale name
                                  • API String ID: 1840309910-1405518554
                                  • Opcode ID: 387278e1df8929f4a2561618fea9984ba6f5f285b7c0675c2d8eeacf37262bd4
                                  • Instruction ID: 3d4092120c6214a17def9e170ec68ea9d3962e8d47d614eb2b2c3d6178e2e1aa
                                  • Opcode Fuzzy Hash: 387278e1df8929f4a2561618fea9984ba6f5f285b7c0675c2d8eeacf37262bd4
                                  • Instruction Fuzzy Hash: A6514DB1D0125C9BEB10DFA4D885B8EBBB8FF54314F144069E809EB341E778DA04CB61
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 00922E47
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00922E4F
                                  • _ValidateLocalCookies.LIBCMT ref: 00922ED8
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00922F03
                                  • _ValidateLocalCookies.LIBCMT ref: 00922F58
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: csm
                                  • API String ID: 1170836740-1018135373
                                  • Opcode ID: a7b6e3a58a422ae219933ad32ed89c5205582dbfc3012613d7288395b0cd627b
                                  • Instruction ID: 7a29819048d850f37bf1f5af102b429ae91a109b5c37f0b72d23ca51c94515e1
                                  • Opcode Fuzzy Hash: a7b6e3a58a422ae219933ad32ed89c5205582dbfc3012613d7288395b0cd627b
                                  • Instruction Fuzzy Hash: 74410830A00228BBCF10DF68E881B9EBBB9BF85324F148055F8089B396D735DE55DB90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008ADE93
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008ADEB6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008ADED6
                                  • std::_Facet_Register.LIBCPMT ref: 008ADF4B
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008ADF63
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 008ADF7B
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                  • String ID:
                                  • API String ID: 2081738530-0
                                  • Opcode ID: 47257f551567a6d89b2b52da553d9d762b762ffae118b379424d3d1a36e63526
                                  • Instruction ID: 3e29fe2b18fc0478e142814730a6b86f16a1db45b95c997ce35d1de3c22cf20c
                                  • Opcode Fuzzy Hash: 47257f551567a6d89b2b52da553d9d762b762ffae118b379424d3d1a36e63526
                                  • Instruction Fuzzy Hash: 0541F272A04219DFDB14DF58D881BABBBB4FB45310F144268E81ADBB51DB31AD84CBD1
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00844F72
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00844FFF
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 008450C8
                                  Strings
                                  • recursive_directory_iterator::operator++, xrefs: 0084504C
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy$___std_exception_copy
                                  • String ID: recursive_directory_iterator::operator++
                                  • API String ID: 1206660477-953255998
                                  • Opcode ID: 0d7d88e2028e1fa0861b3ab60cfc61286179762284b6b31e49b283ec6d746215
                                  • Instruction ID: 3b367bd57a8a9e2154bb8c1d60e4d8dcc418ce8ae6599b505e894c93697e1f4f
                                  • Opcode Fuzzy Hash: 0d7d88e2028e1fa0861b3ab60cfc61286179762284b6b31e49b283ec6d746215
                                  • Instruction Fuzzy Hash: 95E1F4719006089FDB28DF68D845BAEB7F9FF44710F104A2DE456D3B81DB74A944CBA1
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0084799A
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00847B75
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: out_of_range$type_error
                                  • API String ID: 2659868963-3702451861
                                  • Opcode ID: adadc9d4360c0b8c5f364e6335aa997f8265b042ff1105a2e121385f7685f4f4
                                  • Instruction ID: d2a780c3a8278941e1bfbe29ba5ec41b40969a52ff81d1f4b94d264c41bad568
                                  • Opcode Fuzzy Hash: adadc9d4360c0b8c5f364e6335aa997f8265b042ff1105a2e121385f7685f4f4
                                  • Instruction Fuzzy Hash: 06C146B19042089FDB18CFA8D884B9DFBF5FF48310F14866AE419EB792E7749980CB55
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 008475BE
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 008475CD
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: at line $, column
                                  • API String ID: 4194217158-191570568
                                  • Opcode ID: 3bc2eb5c7b8a4db1944cd620a6219d4d30897a5889ab201a67dba66e513701b2
                                  • Instruction ID: d294294c7d79fe579f766ee4ae19a1081f9ca948970369a73cf1c131466a3473
                                  • Opcode Fuzzy Hash: 3bc2eb5c7b8a4db1944cd620a6219d4d30897a5889ab201a67dba66e513701b2
                                  • Instruction Fuzzy Hash: 7661C271A042099FDB18CF68DC94BADBBB6FF84300F24462CF415E7B82D774AA448B91
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00843E7F
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-1866435925
                                  • Opcode ID: ef647cb74d4d84cceadce87394d8df28b2c69c7cf9291b1a583e8bc4d3c349d3
                                  • Instruction ID: d2eec1a30abd01bb0e3d4405aa92677bf9b67089410fb9708ac104d344a4477e
                                  • Opcode Fuzzy Hash: ef647cb74d4d84cceadce87394d8df28b2c69c7cf9291b1a583e8bc4d3c349d3
                                  • Instruction Fuzzy Hash: 0641B6B2900209AFCB14DF58D845BAEB7F8FF49710F14852AF919D7781E774AA01CBA1
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00843E7F
                                  Strings
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-1866435925
                                  • Opcode ID: c3179a82d3864173c9d9aec61c4c1f04234fcd61f0a46a89104b4b5766090831
                                  • Instruction ID: b8e314dc99320d143af26644ca1d38df9d0a2b6c6c64e5126c10b0400ca88747
                                  • Opcode Fuzzy Hash: c3179a82d3864173c9d9aec61c4c1f04234fcd61f0a46a89104b4b5766090831
                                  • Instruction Fuzzy Hash: 8421BBB29047196BC724DF58D805F96B7ECFB44310F18882AFA68C7682E774EA14CB91
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00847340
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: parse error$parse_error
                                  • API String ID: 2659868963-1820534363
                                  • Opcode ID: d84d944e0fce3f7fb29a838fa01b081dc50cbd4fb01a342735e15e6c0cbf4f61
                                  • Instruction ID: e988ca25601d639e9184c4238d4913cdee6f27adb7d320ceec597fae1cff9223
                                  • Opcode Fuzzy Hash: d84d944e0fce3f7fb29a838fa01b081dc50cbd4fb01a342735e15e6c0cbf4f61
                                  • Instruction Fuzzy Hash: BFE15F709042488FDB18CF68C894B9DBBB2FF49304F2482ADE419EB796D7749A85CF51
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00846F11
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00846F20
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: [json.exception.
                                  • API String ID: 4194217158-791563284
                                  • Opcode ID: 19c61378378836136b967a3085c0fbb839c1d52f31a58cc4b1d7e790216d15e2
                                  • Instruction ID: 67e5287089578a620677c81c8326136e1ad2975f265a23a32ece0c6f7116c67f
                                  • Opcode Fuzzy Hash: 19c61378378836136b967a3085c0fbb839c1d52f31a58cc4b1d7e790216d15e2
                                  • Instruction Fuzzy Hash: 23919070A002089FDB18CF68D984B9EBBF6FF45300F20866DE415EB792E775A985CB51
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 008BE491
                                  Strings
                                  • type must be string, but is , xrefs: 008BE4F8
                                  • type must be boolean, but is , xrefs: 008BE582
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID: type must be boolean, but is $type must be string, but is
                                  • API String ID: 118556049-436076039
                                  • Opcode ID: b9e13bcfbf9e18d12b45398c7a6cf33444b7e9aa8276037e493634fc3e2c38a1
                                  • Instruction ID: c0703da12839f106ff6a90d03eabb195e907171dfe906ca9d328f5bb9202d5d0
                                  • Opcode Fuzzy Hash: b9e13bcfbf9e18d12b45398c7a6cf33444b7e9aa8276037e493634fc3e2c38a1
                                  • Instruction Fuzzy Hash: F1417CB5D0024CAFDB14EBA8E812BDE77A8FB40310F048674F419D7B82EB35A944C796

                                  Execution Graph

                                  Execution Coverage:2.7%
                                  Dynamic/Decrypted Code Coverage:1.3%
                                  Signature Coverage:0%
                                  Total number of Nodes:386
                                  Total number of Limit Nodes:62
                                  [Execution graph: rendered graph data not reproduced. API nodes labelled in the graph: GetPEB, RtlAllocateHeap, Sleep, GetCurrentHwProfileW, GetSystemTimePreciseAsFileTime, WSAStartup, socket, connect, closesocket, ReadFile, WriteFile, SetFilePointerEx, FindCloseChangeNotification; the remaining nodes are CRT and STL internals (__fread_nolock, __dosmaperr, std::locale::_Init, ___std_exception_copy, Concurrency::cancel_current_task and similar).]

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  [Control-flow graph for 008A3A40: rendered graph data not reproduced. The blocks at 008A3A73 and 008A3B28 read the PEB (GetPEB), each followed by a loop (008A3A80 and 008A3B34). Sleep at 008A3AE8 leads to a check at 008A3B13 that either continues to the PEB read at 008A3B28 or leaves through 008A3BC7, which calls 00846BD0 twice (008A3BC7 and 008A3BE0); Sleep at 008A3B9D returns to the function head at 008A3A55.]
                                  APIs
                                  • Sleep.KERNELBASE(000003E9,?,00000001,00000000,?,?,?,?,?,?,?,?,008A3DB6), ref: 008A3B08
                                  • Sleep.KERNELBASE(00000001,?,00000001,00000000,?,?,?,?,?,?,?,?,008A3DB6), ref: 008A3BBA
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: 9b91ab8d305fed6471ee1dbb4673928e1487e7ad3a9c28e0106504d716e1d999
                                  • Instruction ID: ea9890bb2c50438c5bbdbe42f4325e4a9d904da896c64ea34d90091b03cfaa73
                                  • Opcode Fuzzy Hash: 9b91ab8d305fed6471ee1dbb4673928e1487e7ad3a9c28e0106504d716e1d999
                                  • Instruction Fuzzy Hash: 2451DC35A046298FDB24CF48C4D0EA9B3B2FF46714B28449AE445AF711D731FE06CB90

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  [Control-flow graph for 0085E0A0: rendered graph data not reproduced. WSAStartup in the entry block 0085E0A0; two calls to 00846BD0 at 0085E0D8; then a loop of socket (0085E175) -> connect (0085E18B) -> closesocket (0085E19D) -> socket, with connect also branching to 0085E1C1 -> 0085E1C5 -> 0085E1B1 out of the loop and closesocket also branching to 0085E1A7 -> 0085E1B1.]
                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Startupclosesocketconnectsocket
                                  • String ID:
                                  • API String ID: 3098855095-0
                                  • Opcode ID: 8529055a37e7f8f36843a259eaeaa7755c50c02c482c8fb726fa0940f237e44a
                                  • Instruction ID: 8197c484065d8c2313f41da191bc6008f7a965219fc7a25cb01504e07130c4f0
                                  • Opcode Fuzzy Hash: 8529055a37e7f8f36843a259eaeaa7755c50c02c482c8fb726fa0940f237e44a
                                  • Instruction Fuzzy Hash: 2D31AF726457006BD7209F64CC89B2BB7E8FB85336F015F19FDA8D22D0E33199088B92
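The control-flow graph above is the one behind the report's "Connects to many ports of the same IP" signature: after WSAStartup, the basic blocks at 85e175 (socket), 85e18b (connect) and 85e19d (closesocket) form a loop (15 -> 17 -> 20 -> 15), so the function keeps creating a socket, connecting it and closing it. The following script is an added example, not part of the Joe Sandbox report or of the sample's code: it parses the textual control_flow_graph dump as it appears on this page (node entries "id start-end [labels]", edges "src->dst"), recovers the loops, and flags any loop that contains both socket and connect. The edge list is copied from the 85e0a0 entry above; the second, straight-line graph is constructed here as a negative control, and all function names are the author's own.

```python
import re
from typing import Dict, List, Set, Tuple

# Joe Sandbox CFG dump for the function at 0x85e0a0, copied from this report.
CFG_85E0A0 = (
    "control_flow_graph 0 85e0a0-85e0d2 WSAStartup 1 85e1b7-85e1c0 0->1 "
    "2 85e0d8-85e102 call 846bd0 * 2 0->2 7 85e104-85e108 2->7 "
    "8 85e10e-85e165 2->8 7->1 7->8 10 85e167-85e16d 8->10 "
    "11 85e1b1-85e1b6 8->11 12 85e1c5-85e1cf 10->12 13 85e16f 10->13 "
    "11->1 12->11 18 85e1d1-85e1d9 12->18 15 85e175-85e189 socket 13->15 "
    "15->11 17 85e18b-85e19b connect 15->17 19 85e1c1 17->19 "
    "20 85e19d-85e1a5 closesocket 17->20 19->12 20->15 "
    "21 85e1a7-85e1ab 20->21 21->11"
)

# Constructed negative control (not from the report): socket and connect
# in straight-line code with no back edge.
CFG_STRAIGHT = "control_flow_graph 0 400000-400010 socket 1 400011-400020 connect 0->1"

WINSOCK_APIS = {"WSAStartup", "socket", "connect", "closesocket", "send", "recv"}

# Block addresses are 5+ hex digits (optionally a range); node ids are small
# decimals. Assumption: node ids stay below 10000 so they never look like addresses.
_ADDR = re.compile(r"^[0-9a-f]{5,}(-[0-9a-f]{5,})?$")
_EDGE = re.compile(r"^(\d+)->(\d+)$")


def parse_cfg(text: str) -> Tuple[Dict[int, List[str]], Set[Tuple[int, int]]]:
    """Return (labels per node id, set of (src, dst) edges) for one CFG line."""
    toks = text.split()
    if toks and toks[0] == "control_flow_graph":
        toks = toks[1:]
    labels: Dict[int, List[str]] = {}
    edges: Set[Tuple[int, int]] = set()
    cur = None
    i = 0
    while i < len(toks):
        t = toks[i]
        m = _EDGE.match(t)
        if m:
            edges.add((int(m.group(1)), int(m.group(2))))
            i += 1
            continue
        # A node starts with a decimal id immediately followed by an address.
        # The repeat count in "call X * 2" is a label, not an id: skip it when
        # the previous token is "*".
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        prev = toks[i - 1] if i > 0 else ""
        if t.isdigit() and prev != "*" and _ADDR.match(nxt):
            cur = int(t)
            labels[cur] = []
            i += 2
            continue
        if cur is None:
            raise ValueError(f"label {t!r} appears before any node")
        labels[cur].append(t)
        i += 1
    return labels, edges


def _reachable(labels: Dict[int, List[str]], edges: Set[Tuple[int, int]]) -> Dict[int, Set[int]]:
    """For every node, the set of nodes reachable over at least one edge."""
    succ: Dict[int, Set[int]] = {n: set() for n in labels}
    for a, b in edges:
        succ.setdefault(a, set()).add(b)
        succ.setdefault(b, set())
    reach: Dict[int, Set[int]] = {}
    for n in succ:
        seen: Set[int] = set()
        stack = [n]
        while stack:
            x = stack.pop()
            for y in succ[x]:
                if y not in seen:
                    seen.add(y)
                    stack.append(y)
        reach[n] = seen
    return reach


def loops(labels: Dict[int, List[str]], edges: Set[Tuple[int, int]]) -> List[Set[int]]:
    """Groups of mutually reachable nodes, i.e. the loops (non-trivial SCCs)."""
    reach = _reachable(labels, edges)
    done: Set[int] = set()
    out: List[Set[int]] = []
    for n in reach:
        if n in done or n not in reach[n]:   # n not on any cycle
            continue
        scc = {m for m in reach[n] if n in reach[m]}
        done |= scc
        out.append(scc)
    return out


def connect_loops(text: str) -> List[dict]:
    """Loops that both create a socket and connect it: the reconnect / port-probe
    pattern the report attributes to this sample."""
    labels, edges = parse_cfg(text)
    hits = []
    for scc in loops(labels, edges):
        apis = sorted({l for n in scc for l in labels[n] if l in WINSOCK_APIS})
        if {"socket", "connect"} <= set(apis):
            hits.append({"nodes": sorted(scc), "apis": apis})
    return hits


if __name__ == "__main__":
    for name, cfg in (("85e0a0", CFG_85E0A0), ("straight-line control", CFG_STRAIGHT)):
        print(name, connect_loops(cfg))
```

Only the 85e0a0 graph is flagged, with nodes 15, 17 and 20 and the APIs closesocket, connect and socket; the straight-line control, which calls the same APIs once, is not. The loop itself says nothing about how many ports are tried; that comes from the sandbox's network trace, so treat this as a triage cue to look at the trace, not as proof of scanning.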

                                  Control-flow Graph

                                  control_flow_graph 22 934623-934633 23 934635-934648 call 92d22c call 92d23f 22->23 24 93464d-93464f 22->24 38 9349a7 23->38 25 934655-93465b 24->25 26 93498f-93499c call 92d22c call 92d23f 24->26 25->26 29 934661-93468a 25->29 45 9349a2 call 9247a0 26->45 29->26 32 934690-934699 29->32 35 9346b3-9346b5 32->35 36 93469b-9346ae call 92d22c call 92d23f 32->36 41 93498b-93498d 35->41 42 9346bb-9346bf 35->42 36->45 43 9349aa-9349ad 38->43 41->43 42->41 46 9346c5-9346c9 42->46 45->38 46->36 49 9346cb-9346e2 46->49 50 934717-93471d 49->50 51 9346e4-9346e7 49->51 55 9346f1-934708 call 92d22c call 92d23f call 9247a0 50->55 56 93471f-934726 50->56 53 9346e9-9346ef 51->53 54 93470d-934715 51->54 53->54 53->55 58 93478a-9347a9 54->58 85 9348c2 55->85 59 93472a-934748 call 936e2d call 936db3 * 2 56->59 60 934728 56->60 62 934865-93486e call 940d44 58->62 63 9347af-9347bb 58->63 89 934765-934788 call 92e13d 59->89 90 93474a-934760 call 92d23f call 92d22c 59->90 60->59 76 934870-934882 62->76 77 9348df 62->77 63->62 67 9347c1-9347c3 63->67 67->62 72 9347c9-9347ea 67->72 72->62 73 9347ec-934802 72->73 73->62 78 934804-934806 73->78 76->77 81 934884-934893 76->81 82 9348e3-9348f9 ReadFile 77->82 78->62 83 934808-93482b 78->83 81->77 99 934895-934899 81->99 86 934957-934962 82->86 87 9348fb-934901 82->87 83->62 88 93482d-934843 83->88 91 9348c5-9348cf call 936db3 85->91 101 934964-934976 call 92d23f call 92d22c 86->101 102 93497b-93497e 86->102 87->86 93 934903 87->93 88->62 95 934845-934847 88->95 89->58 90->85 91->43 94 934906-934918 93->94 94->91 103 93491a-93491e 94->103 95->62 104 934849-934860 95->104 99->82 108 93489b-9348b3 99->108 101->85 112 934984-934986 102->112 113 9348bb-9348c1 call 92d1e5 102->113 110 934920-934930 call 934335 103->110 111 934937-934944 103->111 104->62 122 9348b5-9348ba 108->122 123 9348d4-9348dd 108->123 130 934933-934935 110->130 119 934950-934955 call 93417b 111->119 120 934946 call 93448c 111->120 112->91 113->85 131 93494b-93494e 119->131 120->131 122->113 123->94 130->91 131->130
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                  • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f21b10321b0ee3cf6adee0321c7bb1a3834313a0dc103922f02da83b651d9c98
                                  • Instruction ID: 6b62bc250a58b7d7c4c38a321715b285a4647fe16cd855820dbd4d37a272503d
                                  • Opcode Fuzzy Hash: f21b10321b0ee3cf6adee0321c7bb1a3834313a0dc103922f02da83b651d9c98
                                  • Instruction Fuzzy Hash: 63B13470E04245AFDB11DFA8E881BAEBBB9EF8A300F154158E554AB386C774AD41CF61

                                  Control-flow Graph

                                  control_flow_graph 169 542046e-542047a 170 54204f3-5420701 call 54206f1 169->170 171 542047c-54204d5 169->171 203 5420703-5420705 170->203 204 5420708-542070e 170->204 171->170 205 5420710-5420715 203->205 204->205 206 542072e-5420746 GetCurrentHwProfileW 205->206 208 5420753-54209f4 call 5420a04 206->208 240 5420a21-5420ab3 208->240 241 54209f6-5420a20 208->241 241->240
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5e477617c451188424ca7215d2f8b4894b44d2be62e24b4a7906200c12b5adfb
                                  • Instruction ID: 46c5d8fbeef38bd774b2207d4d3c682dde3f10a39d7ab6ae303018fe4ed739b8
                                  • Opcode Fuzzy Hash: 5e477617c451188424ca7215d2f8b4894b44d2be62e24b4a7906200c12b5adfb
                                  • Instruction Fuzzy Hash: 2181D2EB54D130BDB102D1822B6CAFA6BEFE6D67707B1C46BF40FD6502E2840A8B5131

                                  Control-flow Graph

                                  control_flow_graph 251 54204eb-5420701 call 54206f1 279 5420703-5420705 251->279 280 5420708-542070e 251->280 281 5420710-5420715 279->281 280->281 282 542072e-5420746 GetCurrentHwProfileW 281->282 284 5420753-54209f4 call 5420a04 282->284 316 5420a21-5420ab3 284->316 317 54209f6-5420a20 284->317 317->316
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: c5e1619361c29797fabced4292e24118b48f7c2900eda94c0f5266b0ba8546c9
                                  • Instruction ID: ef4e30edccfc678a281f1e32d42c42bd837759e0eeacfa3bd6a52bb2e2bff34b
                                  • Opcode Fuzzy Hash: c5e1619361c29797fabced4292e24118b48f7c2900eda94c0f5266b0ba8546c9
                                  • Instruction Fuzzy Hash: E271B0EB14D130BDB102D1822B6CAFA67EFE6E67707B1C46BF40FD6502E2844A8B5571

                                  Control-flow Graph

                                  control_flow_graph 327 54204db-5420701 call 54206f1 355 5420703-5420705 327->355 356 5420708-542070e 327->356 357 5420710-5420715 355->357 356->357 358 542072e-5420746 GetCurrentHwProfileW 357->358 360 5420753-54209f4 call 5420a04 358->360 392 5420a21-5420ab3 360->392 393 54209f6-5420a20 360->393 393->392
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 9a7e9c92939b7cdc8279cdc2a4a67b0a84dfbd40eac8b1e7c926347c2edda204
                                  • Instruction ID: b255851c00351d914efafc4fc478a00ee408074a332132142935847fd4d121d5
                                  • Opcode Fuzzy Hash: 9a7e9c92939b7cdc8279cdc2a4a67b0a84dfbd40eac8b1e7c926347c2edda204
                                  • Instruction Fuzzy Hash: 2671AEEB14D130BDB102D1822B6CAFA67AFE6D67707B1C42BF80FD6502E2844A8B5531

                                  Control-flow Graph

                                  control_flow_graph 403 5420508-5420701 call 54206f1 429 5420703-5420705 403->429 430 5420708-542070e 403->430 431 5420710-5420715 429->431 430->431 432 542072e-5420746 GetCurrentHwProfileW 431->432 434 5420753-54209f4 call 5420a04 432->434 466 5420a21-5420ab3 434->466 467 54209f6-5420a20 434->467 467->466
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: a44ca33af49f70bf793f51cd0259d2817dd0ac2c55ce084ff2ace67ecd0a7526
                                  • Instruction ID: 40afb04ea7bb1634914bf90cd120acbcb1c8aa9491a890e2348c699241fb397e
                                  • Opcode Fuzzy Hash: a44ca33af49f70bf793f51cd0259d2817dd0ac2c55ce084ff2ace67ecd0a7526
                                  • Instruction Fuzzy Hash: 2A71C0EB14D130BDB102D1822B6CAF76BAFE6D67707B1C46BF40FD6902D2844A8B5531

                                  Control-flow Graph

                                  control_flow_graph 477 5420531-5420537 478 5420518-542052c 477->478 479 5420539-542053b 477->479 480 542053d-5420701 call 54206f1 478->480 479->480 505 5420703-5420705 480->505 506 5420708-542070e 480->506 507 5420710-5420715 505->507 506->507 508 542072e-5420746 GetCurrentHwProfileW 507->508 510 5420753-54209f4 call 5420a04 508->510 542 5420a21-5420ab3 510->542 543 54209f6-5420a20 510->543 543->542
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4ca75d5fe69907a120ee02dbb02c03dcb9dbf730d6a61c2b68b0988cc7c39acd
                                  • Instruction ID: 1ee8e6f07ddab2929dea6db6a412108aef15e636f4a2a8c8f8327e88d1f9ec9a
                                  • Opcode Fuzzy Hash: 4ca75d5fe69907a120ee02dbb02c03dcb9dbf730d6a61c2b68b0988cc7c39acd
                                  • Instruction Fuzzy Hash: 1371BEEB14D130BDB102D1862B6CAFB67AFE6E67707B1C42BF80FD6502D2844A8B5171

                                  Control-flow Graph

                                  control_flow_graph 553 5420550-5420701 call 54206f1 578 5420703-5420705 553->578 579 5420708-542070e 553->579 580 5420710-5420715 578->580 579->580 581 542072e-5420746 GetCurrentHwProfileW 580->581 583 5420753-54209f4 call 5420a04 581->583 615 5420a21-5420ab3 583->615 616 54209f6-5420a20 583->616 616->615
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: e71aa3cc0cd20acc514449f0066ba585363e6999f6a8e3a7201cd6eb2e6fe0ce
                                  • Instruction ID: 34c0a05ed3766c2e3912f35b27325995e140ce7a7d8461524ca2d05242ee445d
                                  • Opcode Fuzzy Hash: e71aa3cc0cd20acc514449f0066ba585363e6999f6a8e3a7201cd6eb2e6fe0ce
                                  • Instruction Fuzzy Hash: 2761BFEB24D130BCB102D1822B6CAFB67AFE6D67707B1C42BF40FD6502D2840A8B5531

                                  Control-flow Graph

                                  control_flow_graph 626 5420563-5420568 627 542056a-54205b9 626->627 628 54205bb-5420701 call 54206f1 626->628 627->628 650 5420703-5420705 628->650 651 5420708-542070e 628->651 652 5420710-5420715 650->652 651->652 653 542072e-5420746 GetCurrentHwProfileW 652->653 655 5420753-54209f4 call 5420a04 653->655 687 5420a21-5420ab3 655->687 688 54209f6-5420a20 655->688 688->687
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(00000042), ref: 0542073F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: fe9b0e7904a6e5816f88e6982fdbadaaa079006204b76f6d99e2ff7446fad6f2
                                  • Instruction ID: 6b56bad6f1e3e5d4a53ec06f92f1da7c60ce84c69a9466ccecbf6d78c45813ef
                                  • Opcode Fuzzy Hash: fe9b0e7904a6e5816f88e6982fdbadaaa079006204b76f6d99e2ff7446fad6f2
                                  • Instruction Fuzzy Hash: 1361AFEB25D130BDB102D1822B6CAFB67AFE6E67707B1C42BF40FD6502D2844A8B5171

                                  Control-flow Graph

                                  control_flow_graph 698 5420578-5420701 call 54206f1 719 5420703-5420705 698->719 720 5420708-542070e 698->720 721 5420710-5420715 719->721 720->721 722 542072e-5420746 GetCurrentHwProfileW 721->722 724 5420753-54209f4 call 5420a04 722->724 756 5420a21-5420ab3 724->756 757 54209f6-5420a20 724->757 757->756
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 02380ba51a93af95885919b1b7eaeb3e1701d5b1968705dddca6aa8e31d2af0b
                                  • Instruction ID: 7ff47779f44f89f6133177bca0bfc829da7afb7477cb09d0198ef9c271a24585
                                  • Opcode Fuzzy Hash: 02380ba51a93af95885919b1b7eaeb3e1701d5b1968705dddca6aa8e31d2af0b
                                  • Instruction Fuzzy Hash: 5461C0EB24D130BDB102D1826B6CAFB67AFE6E67707B1C427F80FD6502D2840A8B5171

                                  Control-flow Graph

                                  control_flow_graph 767 54205ee-54205f9 768 5420594-54205e8 767->768 769 54205fb-54205ff 767->769 771 5420601-5420701 call 54206f1 768->771 769->771 789 5420703-5420705 771->789 790 5420708-542070e 771->790 791 5420710-5420715 789->791 790->791 792 542072e-5420746 GetCurrentHwProfileW 791->792 794 5420753-54209f4 call 5420a04 792->794 826 5420a21-5420ab3 794->826 827 54209f6-5420a20 794->827 827->826
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 305366f84d2bab17d526edb0b90a0a0dece6107af837fc64072f6351856a1796
                                  • Instruction ID: 94069edf2bd2d1c5d29b3d654ebe84119e50512dd8b63f614e22634c34ebb4eb
                                  • Opcode Fuzzy Hash: 305366f84d2bab17d526edb0b90a0a0dece6107af837fc64072f6351856a1796
                                  • Instruction Fuzzy Hash: 9861BFEB24D130BCB102D1822B6CAFB67AFE6D67707B1C42BF40FD6502E2844A8B5571

                                  Control-flow Graph

                                  control_flow_graph 837 54205a7-54205aa 838 54205f8 837->838 839 54205ac-54205d9 837->839 841 54205da-54205e8 838->841 842 54205fa-54205ff 838->842 839->841 844 5420601-5420701 call 54206f1 841->844 842->844 860 5420703-5420705 844->860 861 5420708-542070e 844->861 862 5420710-5420715 860->862 861->862 863 542072e-5420746 GetCurrentHwProfileW 862->863 865 5420753-54209f4 call 5420a04 863->865 897 5420a21-5420ab3 865->897 898 54209f6-5420a20 865->898 898->897
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(00000042), ref: 0542073F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 636c05ed0c3846f033d76917ec49eb618b48c25ad0949c83e9f311b84c09b38a
                                  • Instruction ID: 57febf896fe45fc64df5e221dee743fdd313e2162fc617de4d2dc2eb2e05336a
                                  • Opcode Fuzzy Hash: 636c05ed0c3846f033d76917ec49eb618b48c25ad0949c83e9f311b84c09b38a
                                  • Instruction Fuzzy Hash: 75619DEB24D130BCB112D1822B6CAFB67AFE6D67707B1C46BF40BD6502E2844A8B5571

                                  Control-flow Graph

                                  control_flow_graph 908 542061e-542061f 909 5420621-542062c 908->909 910 54205df-5420617 908->910 911 542062e-5420701 call 54206f1 909->911 910->911 924 5420703-5420705 911->924 925 5420708-542070e 911->925 926 5420710-5420715 924->926 925->926 927 542072e-5420746 GetCurrentHwProfileW 926->927 929 5420753-54209f4 call 5420a04 927->929 961 5420a21-5420ab3 929->961 962 54209f6-5420a20 929->962 962->961
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(00000042), ref: 0542073F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: e027330343381ce40b04dfc0badcfd5a5e88f94ab281a3a4a779587aba039e3b
                                  • Instruction ID: 2966b2abd7603ec9cb2f1fb36cb36b32a9a61a1cd7de2fd753ca5fad7a3f1ff3
                                  • Opcode Fuzzy Hash: e027330343381ce40b04dfc0badcfd5a5e88f94ab281a3a4a779587aba039e3b
                                  • Instruction Fuzzy Hash: 8F61BEEB64D130BCB102D0822B6CAFB67EFE6D67707B1C46BF40BD6502E2840A8B5571

                                  Control-flow Graph

                                  control_flow_graph 972 542060a-5420701 call 54206f1 985 5420703-5420705 972->985 986 5420708-542070e 972->986 987 5420710-5420715 985->987 986->987 988 542072e-5420746 GetCurrentHwProfileW 987->988 990 5420753-54209f4 call 5420a04 988->990 1022 5420a21-5420ab3 990->1022 1023 54209f6-5420a20 990->1023 1023->1022
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: c8eefc89e983d627aabfdc1394f05a9ba74640bb25a5f324c7a4c9d2da91ce7f
                                  • Instruction ID: 4d94d595b6c382136466ee78c89814b3b691409d0c9ca9be52a4680a48751d91
                                  • Opcode Fuzzy Hash: c8eefc89e983d627aabfdc1394f05a9ba74640bb25a5f324c7a4c9d2da91ce7f
                                  • Instruction Fuzzy Hash: 3051ADEB24D130BCB112D1822B6CAF767AFE6E67707B1C467F80FD6502E2844A8B5571
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(00000042), ref: 0542073F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: ba46277db03843bdb8e66de7148d448ef1a3acdb4cf73eb43812457b6afcee51
                                  • Instruction ID: 6689224ba106a23e5c8048276ec5590cb0ee1411d130928f871f832041d38818
                                  • Opcode Fuzzy Hash: ba46277db03843bdb8e66de7148d448ef1a3acdb4cf73eb43812457b6afcee51
                                  • Instruction Fuzzy Hash: 0451CDEB24D130BDB212D1922B6CAFA67AFE6E67307B0C46BF40FD6502D2844A4B1571
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: f0a206838be9a0179c5093ad90294ebdb0fb68451039f82ec7ef270b5aeb3da7
                                  • Instruction ID: 27540118c24e14da27ef4c9ec082e49de90b1c1dd64f69d4a02683af4e1a58ae
                                  • Opcode Fuzzy Hash: f0a206838be9a0179c5093ad90294ebdb0fb68451039f82ec7ef270b5aeb3da7
                                  • Instruction Fuzzy Hash: 7D51ADEB64D131BDB212D1822B6CAFBA7AFE6E67307B1C467F40BD5502E2840A4B1571
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(00000042), ref: 0542073F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  • API String ID: 2104809126-0
                                  • Opcode ID: 65f2fd5b29adbd0441951b3fd5aa7f62ab0865ff16d47841204ded23d56185c7
                                  • Instruction ID: 5d6e488c0897b0df9447bb03804520d4bbe0d8f86231bdd3eaf6d5d31ef68411
                                  • Opcode Fuzzy Hash: 65f2fd5b29adbd0441951b3fd5aa7f62ab0865ff16d47841204ded23d56185c7
                                  • Instruction Fuzzy Hash: 0C5104EB54D131BDB202D1922B6CAFBABEFE6D67707B1C427F40BD5502D2840A4B4171
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp, Offset: 05420000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5420000_RageMP131.jbxd
                                  Similarity
                                  • API ID: CurrentProfile
                                  • String ID:
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(00000042), ref: 0542073F
                                  APIs
                                  • GetCurrentHwProfileW.ADVAPI32(00000042), ref: 0542073F
                                  APIs
                                  • WriteFile.KERNELBASE(?,00000000,00929087,?,00000000,00000000,00000000,?,00000000,?,0084A3EB,00929087,00000000,0084A3EB,?,?), ref: 00935621
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 008B06AE
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,009349F9,00000000,CF830579,00971140,0000000C,00934AB5,00928BBD,?), ref: 00934B68
                                  APIs
                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,00970DF8,0084A3EB,00000002,0084A3EB,00000000,?,?,?,0092E166,00000000,?,0084A3EB,00000002,00970DF8), ref: 0092E098
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0084220E
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,009291F7,00000000,?,00935D79,00000001,00000364,00000000,00000006,000000FF,?,00000000,0092D244,009289C3,009291F7,00000000), ref: 00936435
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,0093D635,4D88C033,?,0093D635,00000220,?,009357EF,4D88C033), ref: 00936E60
                                  • Instruction Fuzzy Hash: 011127A6148214BEDB02DA55D60E4F73F6FE94B330330425BF04ACA522E792491A9666
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5430000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 12aec323536b3d8aa516fab9fb11b406a3114ac2bf293c4a1fbc868e916c7786
                                  • Instruction ID: 96d186be5d7cdf37b7563890f80002721dbae3ade3aecc146d9ed7e961c87753
                                  • Opcode Fuzzy Hash: 12aec323536b3d8aa516fab9fb11b406a3114ac2bf293c4a1fbc868e916c7786
                                  • Instruction Fuzzy Hash: A0012BA6149114BEDB02D555960F9F72F6FE98A7303308247F04BCC931E79245076561
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5430000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f535ef68da3a3b1bff235c8a5397faa949e37bfe13bdaa318d1ff388838085e0
                                  • Instruction ID: ce4139242ddd315165b20015037e9f466c754d5aba6080e1b290de9ec8d8cbed
                                  • Opcode Fuzzy Hash: f535ef68da3a3b1bff235c8a5397faa949e37bfe13bdaa318d1ff388838085e0
                                  • Instruction Fuzzy Hash: 9A0128E7148114BFAB02E599D60F5F76F5FE58B3303308257F44ACE532E297490761A1
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5430000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c2a95a5679217924f5c31826f4f19e669041e5b4f7a8209d73c9270352fbbf2c
                                  • Instruction ID: dfdcb744e4e8e9c78c9079a42cd7167f5b41d0a86ae6d08b9f94bb5c2bf79ab2
                                  • Opcode Fuzzy Hash: c2a95a5679217924f5c31826f4f19e669041e5b4f7a8209d73c9270352fbbf2c
                                  • Instruction Fuzzy Hash: 0101F2EB149124BEEB02D555DA0F8F72E6FE98A3303308247F04BC9932A792490761B2
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5430000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc5b4d7c4eda34cc91b1516743d59fe88df7705a7bec0c96fd77638d13b92cb0
                                  • Instruction ID: 4b0821332a1adef856f22d1b3f2b0bfae49347ba8d6ba7b241feb8fd0a0b91c1
                                  • Opcode Fuzzy Hash: dc5b4d7c4eda34cc91b1516743d59fe88df7705a7bec0c96fd77638d13b92cb0
                                  • Instruction Fuzzy Hash: D8F027E6208060ABDF02E575E64F4FB2E6F94C9220365834BF08EC9831D61789079062
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5430000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c36fda7927484af142eabace3c78fb21751d830226825c8e98ef7e27ce0ec9b4
                                  • Instruction ID: 629df7d245f3142915051be8de69f15e43fd13adc9131ebf18c74616b45043ea
                                  • Opcode Fuzzy Hash: c36fda7927484af142eabace3c78fb21751d830226825c8e98ef7e27ce0ec9b4
                                  • Instruction Fuzzy Hash: CCE07DE36082A5B5CF00A2B4458FDF6BF4B14DF1523084B6BB80A8DD21C20685078090
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5430000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eefb5e78de6df4a08df36e424e8bddd39214c86e682b8389cc5784367b83a441
                                  • Instruction ID: 93d7d927c0cc5fac460fb6bfab16719eb866d9178bdaf44d0a529a98c3df1b4b
                                  • Opcode Fuzzy Hash: eefb5e78de6df4a08df36e424e8bddd39214c86e682b8389cc5784367b83a441
                                  • Instruction Fuzzy Hash: 39D02BD710C000F6CB42D56190CF1F23F9B65591113510247B44E88522C11B42075233
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_5430000_RageMP131.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aaba4a26adc7dc4abe4b6bf81c44b88321569f2fe4ae8759637cda33a0d08f81
                                  • Instruction ID: 7b876e5eeeda9574f0a699e5b9d0b79bdfd5d65de09fda5cb482f9eb2c2b1eef
                                  • Opcode Fuzzy Hash: aaba4a26adc7dc4abe4b6bf81c44b88321569f2fe4ae8759637cda33a0d08f81
                                  • Instruction Fuzzy Hash: 20D02BD710C010F6CF41D961908F1F22FAB655A111351020BF04FC8532C21780075133
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                   • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction ID: f26c70ce3aed86cf07b44611a973a71378612461d28c71c71a59ea3327ca92e5
                                  • Opcode Fuzzy Hash: 4df2230cf6d2b22dd9929c0dcf2eb738a93c5ed6b64abc4e5fced81a8044e2fc
                                  • Instruction Fuzzy Hash: F5023C75E012299BDF14CFA9D8807AEFBF5FF48314F248269D919E7344DB31A9418B90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008AF833
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008AF855
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008AF875
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008AF89F
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008AF90D
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 008AF959
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 008AF973
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008AFA08
                                  • std::_Facet_Register.LIBCPMT ref: 008AFA15
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                   • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                  • String ID: bad locale name$Ps
                                  • API String ID: 3375549084-1174896957
                                  • Opcode ID: 8cd6f05cd935d5273b086ae9be41728ed43b2d94433cec5bdb40eadb6bf180cb
                                  • Instruction ID: e5581424b11cc0f81d66d611584e52fa869d51cc832bb8b353fb206a7e7eb931
                                  • Opcode Fuzzy Hash: 8cd6f05cd935d5273b086ae9be41728ed43b2d94433cec5bdb40eadb6bf180cb
                                  • Instruction Fuzzy Hash: 29619FB1E012589BEB10DFE4D885BDEBBB4FF45310F184068E908E7742D739A945CB92
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00843A58
                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00843AA4
                                  • __Getctype.LIBCPMT ref: 00843ABA
                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00843AE6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00843B7B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                   • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                  • String ID: bad locale name
                                  • API String ID: 1840309910-1405518554
                                  • Opcode ID: 387278e1df8929f4a2561618fea9984ba6f5f285b7c0675c2d8eeacf37262bd4
                                  • Instruction ID: 3d4092120c6214a17def9e170ec68ea9d3962e8d47d614eb2b2c3d6178e2e1aa
                                  • Opcode Fuzzy Hash: 387278e1df8929f4a2561618fea9984ba6f5f285b7c0675c2d8eeacf37262bd4
                                  • Instruction Fuzzy Hash: A6514DB1D0125C9BEB10DFA4D885B8EBBB8FF54314F144069E809EB341E778DA04CB61
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 00922E47
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00922E4F
                                  • _ValidateLocalCookies.LIBCMT ref: 00922ED8
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00922F03
                                  • _ValidateLocalCookies.LIBCMT ref: 00922F58
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                   • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: csm
                                  • API String ID: 1170836740-1018135373
                                  • Opcode ID: a7b6e3a58a422ae219933ad32ed89c5205582dbfc3012613d7288395b0cd627b
                                  • Instruction ID: 7a29819048d850f37bf1f5af102b429ae91a109b5c37f0b72d23ca51c94515e1
                                  • Opcode Fuzzy Hash: a7b6e3a58a422ae219933ad32ed89c5205582dbfc3012613d7288395b0cd627b
                                  • Instruction Fuzzy Hash: 74410830A00228BBCF10DF68E881B9EBBB9BF85324F148055F8089B396D735DE55DB90
                                  APIs
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008ADE93
                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008ADEB6
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008ADED6
                                  • std::_Facet_Register.LIBCPMT ref: 008ADF4B
                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008ADF63
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 008ADF7B
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                   • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                  • String ID:
                                  • API String ID: 2081738530-0
                                  • Opcode ID: 47257f551567a6d89b2b52da553d9d762b762ffae118b379424d3d1a36e63526
                                  • Instruction ID: 3e29fe2b18fc0478e142814730a6b86f16a1db45b95c997ce35d1de3c22cf20c
                                  • Opcode Fuzzy Hash: 47257f551567a6d89b2b52da553d9d762b762ffae118b379424d3d1a36e63526
                                  • Instruction Fuzzy Hash: 0541F272A04219DFDB14DF58D881BABBBB4FB45310F144268E81ADBB51DB31AD84CBD1
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00844F72
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00844FFF
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 008450C8
                                  Strings
                                  • recursive_directory_iterator::operator++, xrefs: 0084504C
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmpDownload File
                                  • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy$___std_exception_copy
                                  • String ID: recursive_directory_iterator::operator++
                                  • API String ID: 1206660477-953255998
                                  • Opcode ID: 0d7d88e2028e1fa0861b3ab60cfc61286179762284b6b31e49b283ec6d746215
                                  • Instruction ID: 3b367bd57a8a9e2154bb8c1d60e4d8dcc418ce8ae6599b505e894c93697e1f4f
                                  • Opcode Fuzzy Hash: 0d7d88e2028e1fa0861b3ab60cfc61286179762284b6b31e49b283ec6d746215
                                  • Instruction Fuzzy Hash: 95E1F4719006089FDB28DF68D845BAEB7F9FF44710F104A2DE456D3B81DB74A944CBA1
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 0084799A
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00847B75
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                   • Associated: 0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
                                   • Associated: 0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: out_of_range$type_error
                                  • API String ID: 2659868963-3702451861
                                  • Opcode ID: adadc9d4360c0b8c5f364e6335aa997f8265b042ff1105a2e121385f7685f4f4
                                  • Instruction ID: d2a780c3a8278941e1bfbe29ba5ec41b40969a52ff81d1f4b94d264c41bad568
                                  • Opcode Fuzzy Hash: adadc9d4360c0b8c5f364e6335aa997f8265b042ff1105a2e121385f7685f4f4
                                  • Instruction Fuzzy Hash: 06C146B19042089FDB18CFA8D884B9DFBF5FF48310F14866AE419EB792E7749980CB55
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 008475BE
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 008475CD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: at line $, column
                                  • API String ID: 4194217158-191570568
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00843E7F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-1866435925
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00843E7F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                  • API String ID: 2659868963-1866435925
                                  APIs
                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00847340
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_copy
                                  • String ID: parse error$parse_error
                                  • API String ID: 2659868963-1820534363
                                  APIs
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00846F11
                                  • ___std_exception_destroy.LIBVCRUNTIME ref: 00846F20
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ___std_exception_destroy
                                  • String ID: [json.exception.
                                  • API String ID: 4194217158-791563284
                                  APIs
                                  • Concurrency::cancel_current_task.LIBCPMT ref: 008BE491
                                  Strings
                                  • type must be boolean, but is , xrefs: 008BE582
                                  • type must be string, but is , xrefs: 008BE4F8
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp, Offset: 00840000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_840000_RageMP131.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Concurrency::cancel_current_task
                                  • String ID: type must be boolean, but is $type must be string, but is
                                  • API String ID: 118556049-436076039