Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1531146
MD5:f8ebc97afbe5c7837b21769ee3aec946
SHA1:8270240130896bd09a36b110fb439b6772e4abfc
SHA256:de74799628f0f232d88b2045a4a2b6ea06ab2cbc3b314f5a6e8f0000bd2fd18d
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5892 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F8EBC97AFBE5C7837B21769EE3AEC946)
  • cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["studennotediw.store", "clearancek.site", "licendfilteo.site", "bathdoomgaz.store", "dissapoiznw.store", "mobbipenju.store", "eaglepawnoy.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.970034+020020564771Domain Observed Used for C2 Detected192.168.2.6601931.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.871420+020020564711Domain Observed Used for C2 Detected192.168.2.6498621.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.938785+020020564811Domain Observed Used for C2 Detected192.168.2.6557061.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.919408+020020564831Domain Observed Used for C2 Detected192.168.2.6563521.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.999949+020020564731Domain Observed Used for C2 Detected192.168.2.6494311.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.896600+020020564851Domain Observed Used for C2 Detected192.168.2.6587101.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.981409+020020564751Domain Observed Used for C2 Detected192.168.2.6546971.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:29:59.951452+020020564791Domain Observed Used for C2 Detected192.168.2.6576161.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-10T22:30:01.370118+020028586661Domain Observed Used for C2 Detected192.168.2.64969923.50.98.133443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com:443/profiles/76561199724331900URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.5892.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["studennotediw.store", "clearancek.site", "licendfilteo.site", "bathdoomgaz.store", "dissapoiznw.store", "mobbipenju.store", "eaglepawnoy.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 23.50.98.133:443 -> 192.168.2.6:49699 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00DB50FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00D7D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00D7D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00DB63B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00DB99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_00DB695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_00D7FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00D80EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00DB6094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00DB4040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00D71000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_00DAF030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00D86F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00D9D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00D842FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00D92260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00D92260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00DA23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00DA23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00DA23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00DA23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00DA23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_00DA23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_00D7A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00DB64B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00D8D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00DB1440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00D9C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_00D8B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00D9E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00D78590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00D99510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00D86536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00DB7520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00DAB650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00D9E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_00DB67EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00D9D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00DB7710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00DB5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00D928E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_00D749A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_00D8D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00DB3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00D81ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00D75A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00DB4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00D81A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00D81BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00D83BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00DA0B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_00D8DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_00D8DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00DB9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_00D9CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00D9CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_00D9CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00DB9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00DB9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00D9AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_00D9AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_00D9EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00D97C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_00DAFC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00DB8D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_00D9FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00D9DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00D81E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_00D7BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00D86EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00D76EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_00D9AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00D95E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00D97E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00D84E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00D78FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_00D8FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00DB5FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00DB7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00DB7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00D86F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00DAFF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00D99F62

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:56352 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:55706 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:57616 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:49431 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:54697 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:49862 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:58710 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:60193 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49699 -> 23.50.98.133:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Joe Sandbox ViewIP Address: 23.50.98.133 23.50.98.133
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000002.2116109509.00000000019B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=930ddf4fb369a3d14f99e8c6; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25489Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 10 Oct 2024 20:30:01 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control+ equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/apiQ
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hf
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aU
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store:443/api
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/api(
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115993780.0000000001974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000002.2115837874.0000000001947000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/:
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2115028545.000000000197E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114764855.0000000001971000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2115028545.0000000001973000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115993780.000000000197E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115993780.0000000001974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2114990621.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2116109509.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store:443/api
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
    Source: unknownHTTPS traffic detected: 23.50.98.133:443 -> 192.168.2.6:49699 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D802280_2_00D80228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DBA0D00_2_00DBA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F0690_2_00F2F069
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB40400_2_00DB4040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2A05F0_2_00F2A05F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D710000_2_00D71000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D820300_2_00D82030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D771F00_2_00D771F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7E1A00_2_00D7E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D751600_2_00D75160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA82D00_2_00DA82D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA12D00_2_00DA12D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D712F70_2_00D712F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA23E00_2_00DA23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D713A30_2_00D713A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7B3A00_2_00D7B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E473460_2_00E47346
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7A3000_2_00D7A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA64F00_2_00DA64F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8049B0_2_00D8049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D844870_2_00D84487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9C4700_2_00D9C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8C5F00_2_00D8C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCE5B80_2_00FCE5B8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D785900_2_00D78590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D735B00_2_00D735B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F255570_2_00F25557
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F3451F0_2_00F3451F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB86F00_2_00DB86F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB86520_2_00DB8652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7164F0_2_00D7164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DAF6200_2_00DAF620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DAB8C00_2_00DAB8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DAE8A00_2_00DAE8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7A8500_2_00D7A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2687D0_2_00F2687D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA18600_2_00DA1860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2B9FC0_2_00F2B9FC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F9CC0_2_00F2F9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9098B0_2_00D9098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB89A00_2_00DB89A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EB0AA80_2_00EB0AA8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB8A800_2_00DB8A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F30A920_2_00F30A92
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB7AB00_2_00DB7AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00EF7A9A0_2_00EF7A9A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB4A400_2_00DB4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D77BF00_2_00D77BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E40B9C0_2_00E40B9C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E03B980_2_00E03B98
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8DB6F0_2_00D8DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9CCD00_2_00D9CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB6CBF0_2_00DB6CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB8C020_2_00DB8C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F35C130_2_00F35C13
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E08C150_2_00E08C15
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D98D620_2_00D98D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9FD100_2_00D9FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9DD290_2_00D9DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01004F630_2_01004F63
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7BEB00_2_00D7BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D86EBF0_2_00D86EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9AE570_2_00D9AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB8E700_2_00DB8E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D84E2A0_2_00D84E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D78FD00_2_00D78FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB7FC00_2_00DB7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00E64FFB0_2_00E64FFB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7AF100_2_00D7AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00D8D300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00D7CAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995036613036303
    Source: file.exeStatic PE information: Section: hzmblpgo ZLIB complexity 0.994986332971464
    Source: file.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@9/1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA8220 CoCreateInstance,0_2_00DA8220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1820672 > 1048576
    Source: file.exeStatic PE information: Raw size of hzmblpgo is bigger than: 0x100000 < 0x193000

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.d70000.0.unpack :EW;.rsrc :W;.idata :W; :EW;hzmblpgo:EW;ylxdtsxw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;hzmblpgo:EW;ylxdtsxw:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1bef21 should be: 0x1c1ff1
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: hzmblpgo
    Source: file.exeStatic PE information: section name: ylxdtsxw
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105813C push eax; mov dword ptr [esp], ecx0_2_01058140
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE00A5 push ecx; mov dword ptr [esp], edx0_2_00FE00A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F770A9 push eax; ret 0_2_00F770B8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF8098 push ebp; mov dword ptr [esp], ecx0_2_00FF80B2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011FF176 push eax; mov dword ptr [esp], 6B808B0Eh0_2_011FF177
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011FF176 push 1C28C940h; mov dword ptr [esp], eax0_2_011FF1BC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011FF176 push ecx; mov dword ptr [esp], 00000014h0_2_011FF239
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011FF176 push 10788C71h; mov dword ptr [esp], ecx0_2_011FF26C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F7F08A push ebx; mov dword ptr [esp], esi0_2_00F7F0D3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F7F08A push edi; mov dword ptr [esp], eax0_2_00F7F137
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push ebx; mov dword ptr [esp], eax0_2_00F2F09C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push edx; mov dword ptr [esp], edi0_2_00F2F11F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push ebx; mov dword ptr [esp], edi0_2_00F2F124
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 19962434h; mov dword ptr [esp], ecx0_2_00F2F1DF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push eax; mov dword ptr [esp], ebp0_2_00F2F1F9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push esi; mov dword ptr [esp], 6B14C54Dh0_2_00F2F26A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push esi; mov dword ptr [esp], 7AF8AF9Ah0_2_00F2F275
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 110B83DDh; mov dword ptr [esp], edi0_2_00F2F2A8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 4260B1E7h; mov dword ptr [esp], esi0_2_00F2F2CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 378750A1h; mov dword ptr [esp], eax0_2_00F2F2E1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 7D48A32Bh; mov dword ptr [esp], esi0_2_00F2F324
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push ebx; mov dword ptr [esp], edx0_2_00F2F334
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push ebx; mov dword ptr [esp], 51822806h0_2_00F2F3AE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 17C89709h; mov dword ptr [esp], ebx0_2_00F2F42E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 055AF9DCh; mov dword ptr [esp], esi0_2_00F2F451
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push edi; mov dword ptr [esp], 00000001h0_2_00F2F458
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 147E500Eh; mov dword ptr [esp], ebp0_2_00F2F484
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push ebp; mov dword ptr [esp], 3593B5BDh0_2_00F2F497
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push 6D8E33F3h; mov dword ptr [esp], esi0_2_00F2F4C1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push eax; mov dword ptr [esp], 7FF3F32Bh0_2_00F2F4C9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F2F069 push esi; mov dword ptr [esp], ebx0_2_00F2F4F5
    Source: file.exeStatic PE information: section name: entropy: 7.975358685069588
    Source: file.exeStatic PE information: section name: hzmblpgo entropy: 7.956175477672892

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3A07 second address: DD3A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3A808 second address: F3A80E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3A80E second address: F3A812 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3A98D second address: F3A995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3A995 second address: F3A9A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F2D346CD4E8h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3A9A2 second address: F3A9A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3A9A7 second address: F3AA05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2D346CD4F1h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F2D346CD4F8h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 ja 00007F2D346CD4E6h 0x0000001a jnc 00007F2D346CD4E6h 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 pushad 0x00000024 jng 00007F2D346CD4F7h 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3ACDA second address: F3ACE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F2D34B8C6B6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3AE45 second address: F3AE4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E371 second address: F3E39C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 mov edi, dword ptr [ebp+122D2860h] 0x0000000e push 00000000h 0x00000010 mov di, 329Ah 0x00000014 call 00007F2D34B8C6B9h 0x00000019 push eax 0x0000001a push edx 0x0000001b jnp 00007F2D34B8C6BCh 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E39C second address: F3E3E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F2D346CD4F4h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007F2D346CD4EDh 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d push edi 0x0000001e pop edi 0x0000001f pop edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E3E7 second address: F3E3ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E3ED second address: F3E3F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E3F1 second address: F3E427 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 pushad 0x00000012 jns 00007F2D34B8C6B6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F2D34B8C6C9h 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E427 second address: F3E4A8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F2D346CD4E8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov ch, B1h 0x00000024 push 00000003h 0x00000026 mov si, BD28h 0x0000002a push 00000000h 0x0000002c sub dword ptr [ebp+122D25DAh], eax 0x00000032 push 00000003h 0x00000034 xor dword ptr [ebp+122D1C53h], edx 0x0000003a push 474C1C00h 0x0000003f push ebx 0x00000040 jne 00007F2D346CD4E8h 0x00000046 pop ebx 0x00000047 add dword ptr [esp], 78B3E400h 0x0000004e xor dword ptr [ebp+122DB619h], esi 0x00000054 lea ebx, dword ptr [ebp+1243E287h] 0x0000005a mov edx, dword ptr [ebp+122D368Eh] 0x00000060 xchg eax, ebx 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 jng 00007F2D346CD4E6h 0x0000006a jmp 00007F2D346CD4EAh 0x0000006f popad 0x00000070 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E52A second address: F3E530 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E530 second address: F3E54F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E54F second address: F3E612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 jns 00007F2D34B8C6B6h 0x0000000e pop ebx 0x0000000f popad 0x00000010 nop 0x00000011 jno 00007F2D34B8C6B9h 0x00000017 push 00000000h 0x00000019 xor edx, dword ptr [ebp+122D1F5Ah] 0x0000001f push 70A00381h 0x00000024 je 00007F2D34B8C6E4h 0x0000002a pushad 0x0000002b jmp 00007F2D34B8C6C7h 0x00000030 jmp 00007F2D34B8C6C5h 0x00000035 popad 0x00000036 xor dword ptr [esp], 70A00301h 0x0000003d jmp 00007F2D34B8C6C7h 0x00000042 push 00000003h 0x00000044 push 00000000h 0x00000046 push edi 0x00000047 call 00007F2D34B8C6B8h 0x0000004c pop edi 0x0000004d mov dword ptr [esp+04h], edi 0x00000051 add dword ptr [esp+04h], 0000001Ch 0x00000059 inc edi 0x0000005a push edi 0x0000005b ret 0x0000005c pop edi 0x0000005d ret 0x0000005e pushad 0x0000005f mov ebx, 72F15DD3h 0x00000064 mov dword ptr [ebp+122D1C06h], edi 0x0000006a popad 0x0000006b push 00000000h 0x0000006d mov esi, eax 0x0000006f push 00000003h 0x00000071 mov di, 9B58h 0x00000075 call 00007F2D34B8C6B9h 0x0000007a push eax 0x0000007b push eax 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E612 second address: F3E61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E61F second address: F3E62A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F2D34B8C6B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E62A second address: F3E63A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E63A second address: F3E64F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D34B8C6C0h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E64F second address: F3E67A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jne 00007F2D346CD4EAh 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F2D346CD4F1h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E79F second address: F3E7E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F2D34B8C6BAh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 06E65762h 0x00000012 pushad 0x00000013 mov ax, si 0x00000016 sbb ch, FFFFFFFCh 0x00000019 popad 0x0000001a push 00000003h 0x0000001c mov di, 01B0h 0x00000020 push 00000000h 0x00000022 mov ecx, dword ptr [ebp+122D1E0Fh] 0x00000028 push 00000003h 0x0000002a mov dx, ABCBh 0x0000002e call 00007F2D34B8C6B9h 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 pop eax 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E7E0 second address: F3E80A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b jmp 00007F2D346CD4EBh 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 jg 00007F2D346CD4E6h 0x0000001d pop edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3E80A second address: F3E814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2D34B8C6B6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5CBC2 second address: F5CBC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5CBC6 second address: F5CBCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5CEF4 second address: F5CEFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D07C second address: F5D080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D080 second address: F5D090 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F2D346CD4EEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D090 second address: F5D0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2D34B8C6C9h 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D0B7 second address: F5D0C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F2D346CD4E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D0C1 second address: F5D0C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D0C5 second address: F5D0CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D0CF second address: F5D0D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D0D5 second address: F5D0D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5D3C1 second address: F5D3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 ja 00007F2D34B8C6B6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F51A1D second address: F51A8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2D346CD4F5h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F2D346CD4F5h 0x00000016 jmp 00007F2D346CD4F9h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F2D346CD4EAh 0x00000025 push ecx 0x00000026 pop ecx 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5E53E second address: F5E564 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C7h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c js 00007F2D34B8C6B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F5EB32 second address: F5EB5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F2D346CD4EEh 0x0000000f jnl 00007F2D346CD4F2h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F60385 second address: F603A4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D34B8C6BEh 0x00000008 je 00007F2D34B8C6B8h 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F603A4 second address: F603BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D346CD4F6h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F603BE second address: F603CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6BCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F64425 second address: F6442C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F64592 second address: F645A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2D34B8C6B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F2D34B8C6B6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6C0A5 second address: F6C0C5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2D346CD4E6h 0x00000008 jmp 00007F2D346CD4F3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6C0C5 second address: F6C0D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D34B8C6BAh 0x00000009 pop edi 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6C0D7 second address: F6C0DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F51A0C second address: F51A1D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F2D34B8C6B6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6B706 second address: F6B70E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6BDDF second address: F6BDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6BDE3 second address: F6BDEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E775 second address: F6E779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E779 second address: F6E7BF instructions: 0x00000000 rdtsc 0x00000002 js 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 1DA82042h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F2D346CD4E8h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D1B16h], esi 0x00000031 call 00007F2D346CD4E9h 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E7BF second address: F6E7C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E7C3 second address: F6E7CD instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E7CD second address: F6E7FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F2D34B8C6C4h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 push eax 0x00000017 pop eax 0x00000018 pop esi 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E7FC second address: F6E802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E802 second address: F6E806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E806 second address: F6E830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a ja 00007F2D346CD4F2h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 jc 00007F2D346CD4E6h 0x0000001d pop ecx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6EC82 second address: F6EC8C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D34B8C6BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6EE8D second address: F6EE93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6EE93 second address: F6EE98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F70616 second address: F70622 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F71772 second address: F7177C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D34B8C6BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F723BE second address: F723D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D346CD4EEh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F723D0 second address: F723D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F743E8 second address: F74470 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F2D346CD4E8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 jmp 00007F2D346CD4F5h 0x00000029 push 00000000h 0x0000002b or dword ptr [ebp+122D2AB9h], edx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007F2D346CD4E8h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d mov dword ptr [ebp+122D2218h], esi 0x00000053 xchg eax, ebx 0x00000054 push ecx 0x00000055 js 00007F2D346CD4ECh 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F74470 second address: F7448B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pushad 0x00000007 jg 00007F2D34B8C6B8h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2D34B8C6BAh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F74F67 second address: F74F6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F74F6B second address: F74FC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F2D34B8C6B8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 cld 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edi 0x0000002a mov esi, 0577297Ah 0x0000002f pop edi 0x00000030 xchg eax, ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 push ebx 0x00000034 jmp 00007F2D34B8C6C8h 0x00000039 pop ebx 0x0000003a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F74FC1 second address: F74FC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F78AF5 second address: F78AF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F78AF9 second address: F78AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F78AFF second address: F78B68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b jg 00007F2D34B8C6B8h 0x00000011 pop eax 0x00000012 nop 0x00000013 sub edi, 46E1EC9Ah 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007F2D34B8C6B8h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 push ebx 0x00000036 and edi, 1BCB1148h 0x0000003c pop ebx 0x0000003d push 00000000h 0x0000003f jmp 00007F2D34B8C6C4h 0x00000044 xchg eax, esi 0x00000045 push edi 0x00000046 push eax 0x00000047 push edx 0x00000048 push edi 0x00000049 pop edi 0x0000004a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7AB03 second address: F7AB6D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007F2D346CD4E6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 jnl 00007F2D346CD4E6h 0x00000017 popad 0x00000018 pop eax 0x00000019 nop 0x0000001a xor edi, dword ptr [ebp+122D3836h] 0x00000020 push 00000000h 0x00000022 mov ebx, dword ptr [ebp+122D38DEh] 0x00000028 mov dword ptr [ebp+122D1B16h], esi 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007F2D346CD4E8h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 00000018h 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a pushad 0x0000004b mov ecx, dword ptr [ebp+122D26CFh] 0x00000051 cmc 0x00000052 popad 0x00000053 xchg eax, esi 0x00000054 push ecx 0x00000055 jns 00007F2D346CD4E8h 0x0000005b pop ecx 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7AB6D second address: F7AB72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F72AFA second address: F72B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D346CD4EBh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7EE0B second address: F7EE1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D34B8C6BDh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7EE1D second address: F7EE32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F2D346CD4E6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jno 00007F2D346CD4E6h 0x00000011 popad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7F3E1 second address: F7F3E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7F3E5 second address: F7F3EF instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F81399 second address: F8143D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F2D34B8C6B8h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 call 00007F2D34B8C6C1h 0x0000002b jnl 00007F2D34B8C6C9h 0x00000031 pop ebx 0x00000032 jp 00007F2D34B8C6B7h 0x00000038 push 00000000h 0x0000003a mov di, bx 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push esi 0x00000042 call 00007F2D34B8C6B8h 0x00000047 pop esi 0x00000048 mov dword ptr [esp+04h], esi 0x0000004c add dword ptr [esp+04h], 00000016h 0x00000054 inc esi 0x00000055 push esi 0x00000056 ret 0x00000057 pop esi 0x00000058 ret 0x00000059 stc 0x0000005a push eax 0x0000005b pushad 0x0000005c push edx 0x0000005d jp 00007F2D34B8C6B6h 0x00000063 pop edx 0x00000064 push eax 0x00000065 push edx 0x00000066 jc 00007F2D34B8C6B6h 0x0000006c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8143D second address: F81441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F823A7 second address: F823AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8351E second address: F83522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F844CF second address: F84577 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnl 00007F2D34B8C6B6h 0x00000011 jmp 00007F2D34B8C6BBh 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 jmp 00007F2D34B8C6C0h 0x0000001e nop 0x0000001f push 00000000h 0x00000021 push eax 0x00000022 call 00007F2D34B8C6B8h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c add dword ptr [esp+04h], 00000017h 0x00000034 inc eax 0x00000035 push eax 0x00000036 ret 0x00000037 pop eax 0x00000038 ret 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push edx 0x0000003e call 00007F2D34B8C6B8h 0x00000043 pop edx 0x00000044 mov dword ptr [esp+04h], edx 0x00000048 add dword ptr [esp+04h], 0000001Ah 0x00000050 inc edx 0x00000051 push edx 0x00000052 ret 0x00000053 pop edx 0x00000054 ret 0x00000055 jnp 00007F2D34B8C6BCh 0x0000005b push 00000000h 0x0000005d push esi 0x0000005e adc bh, FFFFFFF8h 0x00000061 pop edi 0x00000062 xchg eax, esi 0x00000063 jp 00007F2D34B8C6BEh 0x00000069 push eax 0x0000006a jg 00007F2D34B8C6B6h 0x00000070 pop eax 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 jmp 00007F2D34B8C6C0h 0x00000079 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F85556 second address: F85576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2D346CD4F9h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F77D6D second address: F77D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F2D34B8C6C0h 0x0000000d pushad 0x0000000e jmp 00007F2D34B8C6C6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F87382 second address: F87388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F87388 second address: F8739A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8A52C second address: F8A532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8DDEB second address: F8DDF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8DDF0 second address: F8DDF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8DDF6 second address: F8DE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F2D34B8C6BEh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8DE12 second address: F8DE18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7ACD6 second address: F7ACDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8DE18 second address: F8DE1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7ACDC second address: F7ACE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7ACE9 second address: F7ACF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F947CB second address: F947D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F93FB7 second address: F93FBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F93FBD second address: F93FC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F93FC9 second address: F94000 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F2D346CD4F2h 0x0000000f pushad 0x00000010 jmp 00007F2D346CD4F0h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94000 second address: F94008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9415D second address: F94184 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F2D346CD4F9h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94184 second address: F9418A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9432B second address: F94331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F94331 second address: F9433B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F97F4C second address: F97F56 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F97F56 second address: F97FC8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2D34B8C6C5h 0x00000008 jmp 00007F2D34B8C6BFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jnc 00007F2D34B8C6C2h 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a pushad 0x0000001b pushad 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 jnl 00007F2D34B8C6C1h 0x00000027 jmp 00007F2D34B8C6BBh 0x0000002c popad 0x0000002d mov eax, dword ptr [eax] 0x0000002f jo 00007F2D34B8C6C5h 0x00000035 jmp 00007F2D34B8C6BFh 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jne 00007F2D34B8C6BCh 0x00000046 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F98082 second address: F98094 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F2D346CD4ECh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9DFFD second address: F9E005 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E1AB second address: F9E1E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D346CD4F3h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F2D346CD4F1h 0x00000014 push edi 0x00000015 pop edi 0x00000016 popad 0x00000017 popad 0x00000018 jnp 00007F2D346CD4F6h 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E1E6 second address: F9E1EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E632 second address: F9E63B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E63B second address: F9E642 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F9E642 second address: F9E681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2D346CD4F4h 0x00000008 je 00007F2D346CD4E6h 0x0000000e jns 00007F2D346CD4E6h 0x00000014 popad 0x00000015 pushad 0x00000016 push edi 0x00000017 pop edi 0x00000018 jmp 00007F2D346CD4F6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA1E1F second address: FA1E2D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA1E2D second address: FA1E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA730A second address: FA731D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F2D34B8C6B6h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA731D second address: FA7345 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F2D346CD500h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F2D346CD4F8h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA7345 second address: FA734B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA734B second address: FA734F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA734F second address: FA7359 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2D34B8C6B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D19E second address: F6D1A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D612 second address: DD3A07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dl, 39h 0x0000000f push dword ptr [ebp+122D0505h] 0x00000015 mov ecx, dword ptr [ebp+122D3906h] 0x0000001b call dword ptr [ebp+122D282Eh] 0x00000021 pushad 0x00000022 mov dword ptr [ebp+122D22B0h], eax 0x00000028 mov dword ptr [ebp+122D25A7h], ecx 0x0000002e xor eax, eax 0x00000030 mov dword ptr [ebp+122D1E0Fh], edi 0x00000036 mov edx, dword ptr [esp+28h] 0x0000003a cmc 0x0000003b mov dword ptr [ebp+122D389Eh], eax 0x00000041 jmp 00007F2D34B8C6BAh 0x00000046 mov esi, 0000003Ch 0x0000004b mov dword ptr [ebp+122D1E0Fh], esi 0x00000051 jng 00007F2D34B8C6BCh 0x00000057 add esi, dword ptr [esp+24h] 0x0000005b jmp 00007F2D34B8C6C5h 0x00000060 lodsw 0x00000062 xor dword ptr [ebp+122D2337h], edx 0x00000068 add eax, dword ptr [esp+24h] 0x0000006c sub dword ptr [ebp+122D2337h], edx 0x00000072 mov ebx, dword ptr [esp+24h] 0x00000076 jnc 00007F2D34B8C6BCh 0x0000007c nop 0x0000007d jng 00007F2D34B8C6C9h 0x00000083 jmp 00007F2D34B8C6C3h 0x00000088 push eax 0x00000089 pushad 0x0000008a push ebx 0x0000008b jmp 00007F2D34B8C6BEh 0x00000090 pop ebx 0x00000091 push eax 0x00000092 push edx 0x00000093 push eax 0x00000094 push edx 0x00000095 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D6DB second address: F6D70F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jns 00007F2D346CD505h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D70F second address: F6D715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D715 second address: F6D71A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D898 second address: F6D8B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push ebx 0x00000007 jmp 00007F2D34B8C6BEh 0x0000000c pop ebx 0x0000000d xchg eax, esi 0x0000000e movzx ecx, dx 0x00000011 nop 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D8B8 second address: F6D8C6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6D8C6 second address: F6D8D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F2D34B8C6B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DA7D second address: F6DA83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DA83 second address: F6DA87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DF29 second address: F6DF39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F2D346CD4E6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DF39 second address: F6DF43 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DF43 second address: F6DF8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2D346CD4F6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e call 00007F2D346CD4F1h 0x00000013 pushad 0x00000014 stc 0x00000015 sub cx, 8E91h 0x0000001a popad 0x0000001b pop edi 0x0000001c push 0000001Eh 0x0000001e mov edx, dword ptr [ebp+122D38A6h] 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DF8A second address: F6DF90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DF90 second address: F6DF95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7BE1D second address: F7BED2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F2D34B8C6C9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jg 00007F2D34B8C6D2h 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F2D34B8C6B8h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Ch 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f push dword ptr fs:[00000000h] 0x00000036 jmp 00007F2D34B8C6C2h 0x0000003b mov di, dx 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 sub dword ptr [ebp+1244FA89h], ecx 0x0000004b mov eax, dword ptr [ebp+122D0169h] 0x00000051 mov edi, dword ptr [ebp+122D21F4h] 0x00000057 push FFFFFFFFh 0x00000059 mov ebx, dword ptr [ebp+122D36EEh] 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 jc 00007F2D34B8C6BCh 0x00000068 je 00007F2D34B8C6B6h 0x0000006e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F7F590 second address: F7F594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F80520 second address: F805B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c movzx edi, bx 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov dword ptr [ebp+122D1E0Fh], edi 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov edi, 063F97FBh 0x00000028 mov eax, dword ptr [ebp+122D07C9h] 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007F2D34B8C6B8h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 mov edi, dword ptr [ebp+122D2674h] 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push ebx 0x00000053 call 00007F2D34B8C6B8h 0x00000058 pop ebx 0x00000059 mov dword ptr [esp+04h], ebx 0x0000005d add dword ptr [esp+04h], 0000001Ah 0x00000065 inc ebx 0x00000066 push ebx 0x00000067 ret 0x00000068 pop ebx 0x00000069 ret 0x0000006a push edx 0x0000006b pop ebx 0x0000006c add edi, dword ptr [ebp+122D1EE8h] 0x00000072 nop 0x00000073 push eax 0x00000074 push edx 0x00000075 push esi 0x00000076 jmp 00007F2D34B8C6BCh 0x0000007b pop esi 0x0000007c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F85711 second address: F85717 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F865AD second address: F865B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8769C second address: F876A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F88633 second address: F88637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F88637 second address: F88641 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F86680 second address: F86685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F88641 second address: F8864B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F2D346CD4E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8864B second address: F8864F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F8874F second address: F88755 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F88755 second address: F8875B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E2A0 second address: F6E2A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E2A5 second address: F6E2B5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E354 second address: F6E35E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2D346CD4E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6E35E second address: F6E362 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA65F0 second address: FA660D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D346CD4F7h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA660D second address: FA6616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA6616 second address: FA661A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA661A second address: FA6629 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6BBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA68D8 second address: FA68E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D346CD4EAh 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA68E8 second address: FA6900 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA6B9D second address: FA6BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FA8A65 second address: FA8AA5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F2D34B8C6B8h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2D34B8C6C7h 0x00000013 jmp 00007F2D34B8C6C9h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2D087 second address: F2D08D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F2D08D second address: F2D093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F24835 second address: F24839 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F24839 second address: F24863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D34B8C6C6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007F2D34B8C6B6h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAD407 second address: FAD411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAD411 second address: FAD417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FAD417 second address: FAD439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D346CD4F5h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F2D346CD4E6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FADE05 second address: FADE0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FADE0F second address: FADE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3FFA second address: FB3FFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3FFE second address: FB4015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D346CD4F1h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB4015 second address: FB4031 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D34B8C6C6h 0x00000008 jmp 00007F2D34B8C6BAh 0x0000000d jc 00007F2D34B8C6B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB2A20 second address: FB2A26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB329D second address: FB32B8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2D34B8C6BFh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB32B8 second address: FB32D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3420 second address: FB3424 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB36AF second address: FB36B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB36B5 second address: FB36BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2D34B8C6B6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB36BF second address: FB36F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F2D346CD4EEh 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB36F2 second address: FB36F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB36F6 second address: FB3714 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2D346CD4E6h 0x00000008 jno 00007F2D346CD4E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jc 00007F2D346CD4EEh 0x00000016 jl 00007F2D346CD4E6h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3714 second address: FB371C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB371C second address: FB3720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3A00 second address: FB3A13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F2D34B8C6B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3A13 second address: FB3A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2D346CD4E6h 0x0000000a jg 00007F2D346CD4E6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3EB6 second address: FB3EBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3EBD second address: FB3EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB3EC3 second address: FB3ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jbe 00007F2D34B8C6B6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB274B second address: FB274F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FB274F second address: FB2755 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FBC5E0 second address: FBC5FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2D346CD4F7h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FBC5FC second address: FBC61A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2D34B8C6C4h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F30647 second address: F3064F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3064F second address: F3065C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F2D34B8C6BCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F3065C second address: F30660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FBC033 second address: FBC03F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FBC31E second address: FBC342 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F2D346CD4F4h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FBE5EC second address: FBE619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnp 00007F2D34B8C6C2h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2D34B8C6C2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FBE619 second address: FBE61D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC0232 second address: FC0239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC3525 second address: FC3536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D346CD4EBh 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC37B9 second address: FC37D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D34B8C6C5h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC37D4 second address: FC37D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC83A7 second address: FC83AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC879A second address: FC879F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC879F second address: FC87BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2D34B8C6C6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC87BE second address: FC87C8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2D346CD4ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: F6DE01 second address: F6DE54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b ja 00007F2D34B8C6D6h 0x00000011 call 00007F2D34B8C6C9h 0x00000016 sub dword ptr [ebp+122DB619h], esi 0x0000001c pop edx 0x0000001d add cx, 3B56h 0x00000022 push 00000004h 0x00000024 mov ecx, esi 0x00000026 nop 0x00000027 jnl 00007F2D34B8C6C2h 0x0000002d push eax 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC8B9C second address: FC8BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D346CD4F0h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC8BB0 second address: FC8BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC8BB4 second address: FC8BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D346CD4EFh 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F2D346CD4E6h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC8BD3 second address: FC8C0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6BBh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2D34B8C6BFh 0x00000013 jmp 00007F2D34B8C6C4h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC8C0A second address: FC8C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F2D346CD4E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FC8C16 second address: FC8C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCDB6C second address: FCDB7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F2D346CD4E6h 0x0000000a jns 00007F2D346CD4E6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCDE56 second address: FCDE60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCDE60 second address: FCDE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCDE66 second address: FCDE74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jp 00007F2D34B8C6B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FCE13A second address: FCE13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD4C76 second address: FD4CB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007F2D34B8C6CFh 0x00000010 jmp 00007F2D34B8C6C3h 0x00000015 jne 00007F2D34B8C6B6h 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD4CB3 second address: FD4CB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD5CA0 second address: FD5CAE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD5CAE second address: FD5CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD6520 second address: FD6524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD6524 second address: FD653D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D346CD4F0h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDAA76 second address: FDAA92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2D34B8C6B6h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F2D34B8C6BBh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDAA92 second address: FDAA96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDAA96 second address: FDAAA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 jc 00007F2D34B8C6BCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD9D85 second address: FD9D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD9D8C second address: FD9DB5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2D34B8C6C3h 0x00000008 push edx 0x00000009 jmp 00007F2D34B8C6C1h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FD9F35 second address: FD9F3F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2D346CD4E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA0B7 second address: FDA0BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA35C second address: FDA37A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007F2D346CD4ECh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 jg 00007F2D346CD4E6h 0x00000017 pop eax 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA660 second address: FDA666 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA666 second address: FDA66C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA7B2 second address: FDA7D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C2h 0x00000007 jne 00007F2D34B8C6B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA7D4 second address: FDA7D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA7D8 second address: FDA7F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C1h 0x00000007 jmp 00007F2D34B8C6BAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FDA7F7 second address: FDA7FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE6EC0 second address: FE6EE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F2D34B8C6BEh 0x00000010 pushad 0x00000011 jnp 00007F2D34B8C6B6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE6EE1 second address: FE6EE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE6EE7 second address: FE6EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE7463 second address: FE7478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2D346CD4E6h 0x0000000a popad 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jg 00007F2D346CD4E6h 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE7478 second address: FE747E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE747E second address: FE7496 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2D346CD4ECh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE7496 second address: FE74A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F2D34B8C6B6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE74A9 second address: FE74AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE74AD second address: FE74C6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2D34B8C6B6h 0x00000008 jmp 00007F2D34B8C6BCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE74C6 second address: FE74D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jo 00007F2D346CD4ECh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE8C71 second address: FE8C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE6A73 second address: FE6A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2D346CD4E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FF03D5 second address: FF03E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2D34B8C6B6h 0x0000000a jnp 00007F2D34B8C6B6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FEFE10 second address: FEFE15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1000282 second address: 1000286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10003D2 second address: 10003D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10003D6 second address: 10003E6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 jng 00007F2D34B8C6BEh 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10026A8 second address: 10026CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4F1h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F2D346CD4EEh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1004CA1 second address: 1004CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1004CA6 second address: 1004CAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1004CAF second address: 1004CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1011FF6 second address: 101201E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 je 00007F2D346CD4FEh 0x0000000d jmp 00007F2D346CD4F8h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101201E second address: 101202A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101380D second address: 1013811 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1013620 second address: 1013679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2D34B8C6C8h 0x0000000b popad 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2D34B8C6C0h 0x00000014 jnl 00007F2D34B8C6D7h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A287 second address: 101A291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2D346CD4E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A291 second address: 101A2A5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2D34B8C6B6h 0x00000008 jmp 00007F2D34B8C6BAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A58D second address: 101A593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A593 second address: 101A5E8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F2D34B8C6C6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F2D34B8C6BDh 0x00000011 jng 00007F2D34B8C6B6h 0x00000017 jmp 00007F2D34B8C6C8h 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 jp 00007F2D34B8C6B6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A5E8 second address: 101A5F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 ja 00007F2D346CD4E6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A5F7 second address: 101A603 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F2D34B8C6B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A8D6 second address: 101A8DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101A8DA second address: 101A8E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B34F second address: 101B355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B355 second address: 101B35B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B35B second address: 101B360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B360 second address: 101B377 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D34B8C6C1h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B377 second address: 101B37B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101B37B second address: 101B3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2D34B8C6C5h 0x0000000f jbe 00007F2D34B8C6B6h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101CE5A second address: 101CE5F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101CE5F second address: 101CE7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2D34B8C6C8h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 101CE7E second address: 101CE84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10210F8 second address: 1021110 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F2D34B8C6C8h 0x00000010 jo 00007F2D34B8C6C2h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1020CCC second address: 1020CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1020CD2 second address: 1020CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102EEB8 second address: 102EED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D346CD4EFh 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jno 00007F2D346CD4E6h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 102EED8 second address: 102EEE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F2D34B8C6B6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10331A8 second address: 10331BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D346CD4ECh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103F40D second address: 103F412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 103F55F second address: 103F565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10585D9 second address: 10585DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1058B56 second address: 1058B60 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D562 second address: 105D5DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c add edx, 29889170h 0x00000012 mov dx, 5381h 0x00000016 push 00000004h 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F2D34B8C6B8h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000017h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 sbb edx, 12350AC6h 0x00000038 call 00007F2D34B8C6B9h 0x0000003d jmp 00007F2D34B8C6C0h 0x00000042 push eax 0x00000043 push edi 0x00000044 pushad 0x00000045 pushad 0x00000046 popad 0x00000047 push ecx 0x00000048 pop ecx 0x00000049 popad 0x0000004a pop edi 0x0000004b mov eax, dword ptr [esp+04h] 0x0000004f push ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D5DC second address: 105D5E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D5E0 second address: 105D604 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D34B8C6B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007F2D34B8C6BEh 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D604 second address: 105D609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D609 second address: 105D60E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D888 second address: 105D8D0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2D346CD4E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dx, ax 0x00000011 jc 00007F2D346CD4E9h 0x00000017 push dword ptr [ebp+122D2838h] 0x0000001d pushad 0x0000001e mov bh, dh 0x00000020 mov dword ptr [ebp+12438234h], eax 0x00000026 popad 0x00000027 push 90837F76h 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F2D346CD4F5h 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105D8D0 second address: 105D8D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 105EB72 second address: 105EB82 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10608BA second address: 10608E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D34B8C6BAh 0x00000009 jmp 00007F2D34B8C6C8h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 10608E0 second address: 10608FF instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D346CD4E6h 0x00000008 jg 00007F2D346CD4E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jnp 00007F2D346CD4E6h 0x00000017 jc 00007F2D346CD4E6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0B09 second address: 56C0B0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0B0D second address: 56C0B13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0B13 second address: 56C0B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0B19 second address: 56C0B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0B1D second address: 56C0B3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add eax, ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c mov cx, 5745h 0x00000010 mov edi, eax 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 call 00007F2D34B8C6BCh 0x0000001a pop ecx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0B3F second address: 56C0BCF instructions: 0x00000000 rdtsc 0x00000002 movsx ebx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov eax, dword ptr [eax+00000860h] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F2D346CD4F8h 0x00000015 and eax, 7600F538h 0x0000001b jmp 00007F2D346CD4EBh 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007F2D346CD4F8h 0x00000027 and ah, FFFFFF98h 0x0000002a jmp 00007F2D346CD4EBh 0x0000002f popfd 0x00000030 popad 0x00000031 test eax, eax 0x00000033 jmp 00007F2D346CD4F6h 0x00000038 je 00007F2DA594368Bh 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F2D346CD4ECh 0x00000046 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0BCF second address: 56C0C1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D34B8C6C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F2D34B8C6C2h 0x0000000e movzx ecx, dx 0x00000011 pop edi 0x00000012 popad 0x00000013 test byte ptr [eax+04h], 00000005h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F2D34B8C6C9h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0C1B second address: 56C0C21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56C0C21 second address: 56C0C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: DD3A70 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: F628F0 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: F8DE6C instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: DD397B instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: FF1A22 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 3632Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 4632Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.2115837874.000000000191E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
    Source: file.exe, 00000000.00000003.2115028545.000000000197E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2115028545.00000000019AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114764855.00000000019AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115993780.000000000197E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115993780.00000000019AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB5BB0 LdrInitializeThunk,0_2_00DB5BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exe, file.exe, 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: bProgram Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook5
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://steamcommunity.com:443/profiles/76561199724331900100%URL Reputationmalware
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		23.50.98.133
    		truetrue
      		unknown
      s-part-0017.t-0009.t-msedge.net
      		13.107.246.45
      		truefalse
        		unknown
        eaglepawnoy.store
        		unknown
        		unknowntrue
          		unknown
          bathdoomgaz.store
          		unknown
          		unknowntrue
            		unknown
            spirittunek.store
            		unknown
            		unknowntrue
              		unknown
              licendfilteo.site
              		unknown
              		unknowntrue
                		unknown
                studennotediw.store
                		unknown
                		unknowntrue
                  		unknown
                  mobbipenju.store
                  		unknown
                  		unknowntrue
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        bathdoomgaz.storetrue
                          		unknown
                          studennotediw.storetrue
                            		unknown
                            clearancek.sitetrue
                              		unknown
                              dissapoiznw.storetrue
                                		unknown
                                https://steamcommunity.com/profiles/76561199724331900true
                                • URL Reputation: malware
                                		unknown
                                spirittunek.storetrue
                                  		unknown
                                  licendfilteo.sitetrue
                                    		unknown
                                    eaglepawnoy.storetrue
                                      		unknown
                                      mobbipenju.storetrue
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://player.vimeo.comfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5ffile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://help.steampowered.com/en/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://steamcommunity.com/market/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://store.steampowered.com/news/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://dissapoiznw.store:443/apifile.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://www.youtube.comfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://www.google.comfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&amp;l=englifile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://store.steampowered.com/stats/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://medal.tvfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://s.ytimg.com;file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://login.steampowered.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://store.steampowered.com/legal/file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://steam.tv/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://steamcommunity.com/:file.exe, 00000000.00000002.2115837874.0000000001947000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hffile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmptrue
                                                                        • URL Reputation: malware
                                                                        		unknown
                                                                        https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aUfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://recaptcha.netfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://store.steampowered.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://steamcommunity.comfile.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://studennotediw.store:443/apifile.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://sketchfab.comfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://lv.queniujq.cnfile.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://www.youtube.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  http://127.0.0.1:27060file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://clearancek.site:443/apiQfile.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://licendfilteo.site:443/api(file.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&afile.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://spirittunek.store:443/apifile.exe, 00000000.00000003.2114764855.000000000195E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115905068.000000000195E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://www.google.com/recaptcha/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://checkout.steampowered.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://help.steampowered.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://api.steampowered.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2114764855.000000000194F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://steamcommunity.com/file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2115993780.0000000001974000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://store.steampowered.com/;file.exe, 00000000.00000003.2114990621.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2116109509.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114709859.00000000019EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://store.steampowered.com/about/file.exe, 00000000.00000003.2114709859.00000000019F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown

                                                                                                World Map of Contacted IPs

                                                                                                • No. of IPs < 25%
                                                                                                • 25% < No. of IPs < 50%
                                                                                                • 50% < No. of IPs < 75%
                                                                                                • 75% < No. of IPs

                                                                                                Public IPs

                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                23.50.98.133
                                                                                                		steamcommunity.comUnited States
                                                                                                		16625AKAMAI-ASUStrue

                                                                                                General Information

                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                Analysis ID:1531146
                                                                                                Start date and time:2024-10-10 22:29:08 +02:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 2m 40s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                Number of analysed new started processes analysed:2
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Sample name:file.exe
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.evad.winEXE@1/0@9/1
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 100%
                                                                                                HCA Information:Failed
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe
                                                                                                • Stop behavior analysis, all processes terminated

                                                                                                Warnings

                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                • VT rate limit hit for: file.exe

                                                                                                Simulations

                                                                                                Behavior and APIs

                                                                                                TimeTypeDescription
                                                                                                16:29:59API Interceptor4x Sleep call for process: file.exe modified

                                                                                                Joe Sandbox View / Context

                                                                                                IPs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                23.50.98.133file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                    https://u.to/UKDgIAGet hashmaliciousUnknownBrowse
                                                                                                      SecuriteInfo.com.Win32.PWSX-gen.1070.11757.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                        SecuriteInfo.com.Trojan.PWS.Steam.37477.6298.10622.exeGet hashmaliciousVidarBrowse
                                                                                                          SecuriteInfo.com.Win32.Evo-gen.25283.30900.exeGet hashmaliciousLummaCBrowse
                                                                                                            SecuriteInfo.com.FileRepMalware.25501.25264.exeGet hashmaliciousLummaCBrowse
                                                                                                              SecuriteInfo.com.W32.PossibleThreat.3672.22783.exeGet hashmaliciousLummaCBrowse
                                                                                                                SecuriteInfo.com.Win32.Malware-gen.17837.3001.exeGet hashmaliciousLummaCBrowse
                                                                                                                  SecuriteInfo.com.Trojan.PWS.Steam.37481.30383.28482.exeGet hashmaliciousVidarBrowse

                                                                                                                    Domains

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.192.247.89
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.192.247.89
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.197.127.21
                                                                                                                    Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.197.127.21
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.102.49.254
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.102.49.254
                                                                                                                    ASmartCore_[1MB]_[unsign].exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.192.247.89
                                                                                                                    Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.102.49.254
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.192.247.89
                                                                                                                    Setup-Premium.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.192.247.89
                                                                                                                    s-part-0017.t-0009.t-msedge.netView alert details #20GBQ4J.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://www.google.com/url?q=idgSDbXAkgLGa7L2qSLC&rct=vawEe6AUsKoNw4E6MJPg&sa=t&esrc=CDYfL3wdelhUBj8tOP38&source=&cd=ymcsx0CGggtkT53VPeFH&cad=rH3FDZ76Je2tPayMlEgY&ved=YMJX5WetXo4xcMnuwKLe&uact=&url=amp/fisiopopriopreto.com.br/Get hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://anviict.com/?qvtvxymbGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://mb3.io/y6jt3ofcGet hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    vmsg_0101024.htmGet hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://load.alisonball.com.auGet hashmaliciousUnknownBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://clicktime.symantec.com/15tpJCqdM9QTMPCbrFFYy?h=klzqFfVRykrA0KxCmyOSMtGNk2cnn93amKCU2afEZ8c=&u=https://www.tiktok.com/link/v2?aid%3D1988%26lang%3Den%26scene%3Dbio_url%26target%3Dhttps://www.google.ht/url?q%3Dhttps://google%25E3%2580%2582com/amp/s/cli.re/kBNkWr%23a2FyZW4ubWNjcm9ob25AdXJlbmNvLmNvbQ%3D%3D%252F%26opi%3D256371986142%26usg%3DlxfGUQNysmkDx%26source%3Dgmail%26ust%3D2908128326238375%26usg%3DAO2mBxLVnqpOjng75rOWFwZ2mBxLVnqpOqR75Get hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://simplexml.federalinvoice.com/uQ3xo/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 13.107.246.45
                                                                                                                    https://pearl-contol.powerappsportals.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 13.107.246.45

                                                                                                                    ASNs

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.192.247.89
                                                                                                                    bc3c228ad2c13f96cb14375c3860e802.pdfGet hashmaliciousUnknownBrowse
                                                                                                                    • 95.100.50.221
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.192.247.89
                                                                                                                    original (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                    • 2.19.126.151
                                                                                                                    brayton HR Bulletin_270852_3BU4-ZSJO2U-JMY3.pdfGet hashmaliciousUnknownBrowse
                                                                                                                    • 23.203.104.175
                                                                                                                    vEOTtk6FeG.elfGet hashmaliciousMiraiBrowse
                                                                                                                    • 184.50.185.53
                                                                                                                    RFNnJGB7wy.elfGet hashmaliciousMiraiBrowse
                                                                                                                    • 96.26.27.22
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.102.49.254
                                                                                                                    Fw_ Complete with Docusign_ J929272_SOW Extension_002_09-OCT-24_201415.pdf.emlGet hashmaliciousUnknownBrowse
                                                                                                                    • 2.19.126.140
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 104.102.49.254

                                                                                                                    JA3 Fingerprints

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    O1cd60GrHb.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    ASmartCore_[1MB]_[unsign].exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133
                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                    • 23.50.98.133

                                                                                                                    Dropped Files

                                                                                                                    No context

                                                                                                                    Created / dropped Files

                                                                                                                    No created / dropped files found

                                                                                                                    Static File Info

                                                                                                                    General

                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):7.951197063796191
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                    File name:file.exe
                                                                                                                    File size:1'820'672 bytes
                                                                                                                    MD5:f8ebc97afbe5c7837b21769ee3aec946
                                                                                                                    SHA1:8270240130896bd09a36b110fb439b6772e4abfc
                                                                                                                    SHA256:de74799628f0f232d88b2045a4a2b6ea06ab2cbc3b314f5a6e8f0000bd2fd18d
                                                                                                                    SHA512:10d818ff7e9b46ee0579081e1e23be6060f87e63210439a310f025a909c50a49c7e7c77835407ae5252f12ba7227d555cc0a9a5b07698b57185623f686bec78b
                                                                                                                    SSDEEP:49152:YRFNkFxo2oRicv4/L9GUgr5EKZZC/yU7QUAO8AHx:YRYC2w14zwtdEeZPAQNO8c
                                                                                                                    TLSH:2485331C8F6A0766E5A28F3C4B7F5AC07D386FBE54E9ED308A00326A20DB7C185D6557
                                                                                                                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................I...........@..........................0I.....!.....@.................................W...k..

                                                                                                                    File Icon

                                                                                                                    Icon Hash:00928e8e8686b000

                                                                                                                    Static PE Info

                                                                                                                    General

                                                                                                                    Entrypoint:0x890000
                                                                                                                    Entrypoint Section:.taggant
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:6
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:6
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:6
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                    Entrypoint Preview

                                                                                                                    Instruction
                                                                                                                    jmp 00007F2D34D9E07Ah

                                                                                                                    Data Directories

                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                    Sections

                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                    0x10000x5d0000x25e00702e06abaf52eb0bc201c91a7e0fb5f5False0.9995036613036303data7.975358685069588IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    0x600000x29c0000x2002a6643bab0fee0c4c76b78464ad1d92bunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    hzmblpgo0x2fc0000x1930000x193000fc0b73e78fd1c6aecc64006bf6fa22b1False0.994986332971464data7.956175477672892IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    ylxdtsxw0x48f0000x10000x40087bef65866bded7f6965bce12cbcfb0eFalse0.7373046875data5.870274292699617IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                    .taggant0x4900000x30000x220014f799dc5973be0cd9dedf1ce6374519False0.07433363970588236DOS executable (COM)0.762521934984566IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                    Imports

                                                                                                                    DLLImport
                                                                                                                    kernel32.dlllstrcpy

                                                                                                                    Network Behavior

                                                                                                                    Suricata IDS Alerts

                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                    2024-10-10T22:29:59.871420+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6498621.1.1.153UDP
                                                                                                                    2024-10-10T22:29:59.896600+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6587101.1.1.153UDP
                                                                                                                    2024-10-10T22:29:59.919408+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6563521.1.1.153UDP
                                                                                                                    2024-10-10T22:29:59.938785+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6557061.1.1.153UDP
                                                                                                                    2024-10-10T22:29:59.951452+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6576161.1.1.153UDP
                                                                                                                    2024-10-10T22:29:59.970034+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6601931.1.1.153UDP
                                                                                                                    2024-10-10T22:29:59.981409+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6546971.1.1.153UDP
                                                                                                                    2024-10-10T22:29:59.999949+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6494311.1.1.153UDP
                                                                                                                    2024-10-10T22:30:01.370118+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.64969923.50.98.133443TCP

                                                                                                                    Network Port Distribution

                                                                                                                    TCP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Oct 10, 2024 22:30:00.035115957 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:00.035145998 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:00.035428047 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:00.039412022 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:00.039427042 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:00.685676098 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:00.685851097 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:00.751352072 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:00.751369953 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:00.751610041 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:00.792092085 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:00.927531004 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:00.975404978 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.370100021 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.370121002 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.370203972 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.370250940 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.370256901 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.370291948 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.370307922 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.370321989 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.370321989 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.370337963 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.370347023 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.459727049 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.459788084 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.459810972 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.459830999 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.459863901 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.459867954 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.459898949 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.462116957 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.462148905 CEST4434969923.50.98.133192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:01.462166071 CEST49699443192.168.2.623.50.98.133
                                                                                                                    Oct 10, 2024 22:30:01.462174892 CEST4434969923.50.98.133192.168.2.6

                                                                                                                    UDP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Oct 10, 2024 22:29:59.871419907 CEST4986253192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:29:59.884550095 CEST53498621.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:29:59.896600008 CEST5871053192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:29:59.909833908 CEST53587101.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:29:59.919408083 CEST5635253192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:29:59.929716110 CEST53563521.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:29:59.938785076 CEST5570653192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:29:59.948724985 CEST53557061.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:29:59.951452017 CEST5761653192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:29:59.967828035 CEST53576161.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:29:59.970033884 CEST6019353192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:29:59.979352951 CEST53601931.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:29:59.981409073 CEST5469753192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:29:59.998091936 CEST53546971.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:29:59.999948978 CEST4943153192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:30:00.017805099 CEST53494311.1.1.1192.168.2.6
                                                                                                                    Oct 10, 2024 22:30:00.022739887 CEST6379153192.168.2.61.1.1.1
                                                                                                                    Oct 10, 2024 22:30:00.029695988 CEST53637911.1.1.1192.168.2.6

                                                                                                                    DNS Queries

                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                    Oct 10, 2024 22:29:59.871419907 CEST192.168.2.61.1.1.10x6ae7Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.896600008 CEST192.168.2.61.1.1.10xea30Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.919408083 CEST192.168.2.61.1.1.10xf042Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.938785076 CEST192.168.2.61.1.1.10x5cb6Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.951452017 CEST192.168.2.61.1.1.10x10d1Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.970033884 CEST192.168.2.61.1.1.10x2e61Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.981409073 CEST192.168.2.61.1.1.10x7cceStandard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.999948978 CEST192.168.2.61.1.1.10xc07bStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:30:00.022739887 CEST192.168.2.61.1.1.10x3692Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                    DNS Answers

                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                    Oct 10, 2024 22:29:59.884550095 CEST1.1.1.1192.168.2.60x6ae7Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.909833908 CEST1.1.1.1192.168.2.60xea30Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.929716110 CEST1.1.1.1192.168.2.60xf042Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.948724985 CEST1.1.1.1192.168.2.60x5cb6Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.967828035 CEST1.1.1.1192.168.2.60x10d1Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.979352951 CEST1.1.1.1192.168.2.60x2e61Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:29:59.998091936 CEST1.1.1.1192.168.2.60x7cceName error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:30:00.017805099 CEST1.1.1.1192.168.2.60xc07bName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:30:00.029695988 CEST1.1.1.1192.168.2.60x3692No error (0)steamcommunity.com23.50.98.133A (IP address)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:30:09.992222071 CEST1.1.1.1192.168.2.60x7e67No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Oct 10, 2024 22:30:09.992222071 CEST1.1.1.1192.168.2.60x7e67No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false

                                                                                                                    HTTP Request Dependency Graph

                                                                                                                    • steamcommunity.com

                                                                                                                    HTTPS Proxied Packets

                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    0192.168.2.64969923.50.98.1334435892C:\Users\user\Desktop\file.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-10-10 20:30:00 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                    Host: steamcommunity.com
                                                                                                                    2024-10-10 20:30:01 UTC1870INHTTP/1.1 200 OK
                                                                                                                    Server: nginx
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Date: Thu, 10 Oct 2024 20:30:01 GMT
                                                                                                                    Content-Length: 25489
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: sessionid=930ddf4fb369a3d14f99e8c6; Path=/; Secure; SameSite=None
                                                                                                                    Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                    2024-10-10 20:30:01 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                    2024-10-10 20:30:01 UTC10062INData Raw: 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 62 75 6c 67 61 72 69 61 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 62 75 6c 67 61 72 69 61 6e 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61
                                                                                                                    Data Ascii: <a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a><a class="popup_menu_item tight" href="?l=bulgarian" onclick="ChangeLanguage( 'bulgarian' ); return fa
                                                                                                                    2024-10-10 20:30:01 UTC913INData Raw: 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0d 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 50 72 69 76 61 63 79 20 50 6f 6c 69 63 79 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 26 6e 62 73 70 3b 20 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63
                                                                                                                    Data Ascii: t="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_blank">Privacy Policy</a>&nbsp; | &nbsp;<a href="https://store.steampowered.c


                                                                                                                    Statistics

                                                                                                                    CPU Usage

                                                                                                                    Click to jump to process

                                                                                                                    Memory Usage

                                                                                                                    Click to jump to process

                                                                                                                    High Level Behavior Distribution

                                                                                                                    Click to dive into process behavior distribution

                                                                                                                    System Behavior

                                                                                                                    General

                                                                                                                    Target ID:0
                                                                                                                    Start time:16:29:58
                                                                                                                    Start date:10/10/2024
                                                                                                                    Path:C:\Users\user\Desktop\file.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                    Imagebase:0xd70000
                                                                                                                    File size:1'820'672 bytes
                                                                                                                    MD5 hash:F8EBC97AFBE5C7837B21769EE3AEC946
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Disassembly

                                                                                                                    Reset < >

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:1%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:57.8%
                                                                                                                      Total number of Nodes:45
                                                                                                                      Total number of Limit Nodes:5
                                                                                                                      execution_graph 20893 db50fa 20894 db5176 LoadLibraryExW 20893->20894 20896 db514c 20893->20896 20895 db518c 20894->20895 20896->20894 20897 d8049b 20898 d80227 20897->20898 20901 d80455 20898->20901 20902 d80308 20898->20902 20903 db5700 RtlFreeHeap 20898->20903 20904 db5700 RtlFreeHeap 20901->20904 20903->20901 20904->20902 20905 db64b8 20906 db63f2 20905->20906 20908 db646e 20906->20908 20909 db5bb0 LdrInitializeThunk 20906->20909 20909->20908 20910 db673d 20912 db66aa 20910->20912 20911 db6793 20912->20911 20915 db5bb0 LdrInitializeThunk 20912->20915 20914 db67b3 20915->20914 20916 d7d110 20918 d7d119 20916->20918 20917 d7d2ee ExitProcess 20918->20917 20919 db60d2 20921 db60fa 20919->20921 20920 db614e 20924 db5bb0 LdrInitializeThunk 20920->20924 20921->20920 20925 db5bb0 LdrInitializeThunk 20921->20925 20924->20920 20925->20920 20939 dad9cb 20940 dad9fb 20939->20940 20942 dada65 20940->20942 20943 db5bb0 LdrInitializeThunk 20940->20943 20943->20940 20944 db626a 20945 db628d 20944->20945 20947 db62de 20945->20947 20951 db5bb0 LdrInitializeThunk 20945->20951 20949 db636e 20947->20949 20950 db5bb0 LdrInitializeThunk 20947->20950 20950->20949 20951->20947 20952 d7fca0 20955 d7fcdc 20952->20955 20953 d7ffe4 20955->20953 20956 db3220 20955->20956 20957 db32ac 20956->20957 20958 db32a2 RtlFreeHeap 20956->20958 20959 db3236 20956->20959 20957->20953 20958->20957 20959->20958 20960 db3202 RtlAllocateHeap

                                                                                                                      Executed Functions

                                                                                                                      Function 00DB50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63libraryCOMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 25 db50fa-db514a 26 db514c-db514f 25->26 27 db5176-db5186 LoadLibraryExW 25->27 30 db5150-db5174 call db5a50 26->30 28 db52d8-db5304 27->28 29 db518c-db51b5 27->29 29->28 30->27
                                                                                                                      APIs
                                                                                                                      • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00DB5182
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID: <I$)$<I$)$@^
                                                                                                                      • API String ID: 1029625771-935358343
                                                                                                                      • Opcode ID: ae51e72644e13bd845df1c917003f3a28e486e4c34c46f6f76e2d23e31a7bb42
                                                                                                                      • Instruction ID: ab0079fb9b6b96af20f74a8022a4986def7df53227e8e491bba432de561a861e
                                                                                                                      • Opcode Fuzzy Hash: ae51e72644e13bd845df1c917003f3a28e486e4c34c46f6f76e2d23e31a7bb42
                                                                                                                      • Instruction Fuzzy Hash: 1D218E35108386CFC300DF68E891B6AB7F4AB6A340F69882CE1C6D7352D776D915CB66
                                                                                                                      Function 00D7FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 33 d7fca0-d7fcda 34 d7fcdc-d7fcdf 33->34 35 d7fd0b-d7fe22 33->35 36 d7fce0-d7fd09 call d82690 34->36 37 d7fe24 35->37 38 d7fe5b-d7fe8c 35->38 36->35 40 d7fe30-d7fe59 call d82760 37->40 41 d7feb6-d7fecf call d80b50 38->41 42 d7fe8e-d7fe8f 38->42 40->38 50 d7fed5-d7fef8 41->50 51 d7ffe4-d7ffe6 41->51 45 d7fe90-d7feb4 call d82700 42->45 45->41 53 d7ff2b-d7ff2d 50->53 54 d7fefa 50->54 55 d801b1-d801bb 51->55 57 d7ff30-d7ff3a 53->57 56 d7ff00-d7ff29 call d827e0 54->56 56->53 59 d7ff41-d7ff49 57->59 60 d7ff3c-d7ff3f 57->60 62 d7ff4f-d7ff76 59->62 63 d801a2-d801a5 call db3220 59->63 60->57 60->59 65 d7ffab-d7ffb5 62->65 66 d7ff78 62->66 67 d801aa-d801ad 63->67 69 d7ffb7-d7ffbb 65->69 70 d7ffeb 65->70 68 d7ff80-d7ffa9 call d82840 66->68 67->55 68->65 71 d7ffc7-d7ffcb 69->71 72 d7ffed-d7ffef 70->72 74 d8019a 71->74 75 d7ffd1-d7ffd8 71->75 72->74 76 d7fff5-d8002c 72->76 74->63 78 d7ffde 75->78 79 d7ffda-d7ffdc 75->79 80 d8005b-d80065 76->80 81 d8002e-d8002f 76->81 82 d7ffc0-d7ffc5 78->82 83 d7ffe0-d7ffe2 78->83 79->78 85 d800a4 80->85 86 d80067-d8006f 80->86 84 d80030-d80059 call d828a0 81->84 82->71 82->72 83->82 84->80 88 d800a6-d800a8 85->88 87 d80087-d8008b 86->87 87->74 90 d80091-d80098 87->90 88->74 91 d800ae-d800c5 88->91 93 d8009a-d8009c 90->93 94 d8009e 90->94 95 d800fb-d80102 91->95 96 d800c7 91->96 93->94 97 d80080-d80085 94->97 98 d800a0-d800a2 94->98 100 d80130-d8013c 95->100 101 d80104-d8010d 95->101 99 d800d0-d800f9 call d82900 96->99 97->87 97->88 98->97 99->95 102 d801c2-d801c7 100->102 104 d80117-d8011b 101->104 102->63 104->74 105 d8011d-d80124 104->105 107 d8012a 105->107 108 d80126-d80128 105->108 109 d8012c-d8012e 107->109 110 d80110-d80115 107->110 108->107 109->110 110->104 111 d80141-d80143 110->111 111->74 112 d80145-d8015b 111->112 112->102 113 d8015d-d8015f 112->113 114 d80163-d80166 113->114 115 d80168-d80188 call d82030 114->115 116 d801bc 114->116 119 d8018a-d80190 115->119 120 d80192-d80198 115->120 116->102 119->114 119->120 120->102
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: J|BJ$V$VY^_$t
                                                                                                                      • API String ID: 0-3701112211
                                                                                                                      • Opcode ID: 81ebac0423f4e7c77b97196e9f8746e734e2e18debcc9509ab4b50a5d24da975
                                                                                                                      • Instruction ID: fc6389188e0fbbdc69fdb19d8f897f7594e6cb6c9cd07c17d1417cddbf52a3ff
                                                                                                                      • Opcode Fuzzy Hash: 81ebac0423f4e7c77b97196e9f8746e734e2e18debcc9509ab4b50a5d24da975
                                                                                                                      • Instruction Fuzzy Hash: 19D157745083909BD321EF189494A2FBFE1AF96B44F58881CF4C98B252D736CD49DBA2
                                                                                                                      Function 00D7D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 157 d7d110-d7d11b call db4cc0 160 d7d121-d7d130 call dac8d0 157->160 161 d7d2ee-d7d2f6 ExitProcess 157->161 165 d7d136-d7d15f 160->165 166 d7d2e9 call db56e0 160->166 170 d7d196-d7d1bf 165->170 171 d7d161 165->171 166->161 173 d7d1f6-d7d20c 170->173 174 d7d1c1 170->174 172 d7d170-d7d194 call d7d300 171->172 172->170 177 d7d20e-d7d20f 173->177 178 d7d239-d7d23b 173->178 176 d7d1d0-d7d1f4 call d7d370 174->176 176->173 183 d7d210-d7d237 call d7d3e0 177->183 179 d7d286-d7d2aa 178->179 180 d7d23d-d7d25a 178->180 186 d7d2d6 call d7e8f0 179->186 187 d7d2ac-d7d2af 179->187 180->179 185 d7d25c-d7d25f 180->185 183->178 190 d7d260-d7d284 call d7d440 185->190 195 d7d2db-d7d2dd 186->195 191 d7d2b0-d7d2d4 call d7d490 187->191 190->179 191->186 195->166 196 d7d2df-d7d2e4 call d82f10 call d80b40 195->196 196->166
                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 00D7D2F1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: 8fbbfb4752736a6f176776f019c1b8d6ffeda2812ac025cbf24725aef040eeb8
                                                                                                                      • Instruction ID: 89d796ff6cf972b2862013ffc13a62cd500540542b31b55d2090f914ea38d900
                                                                                                                      • Opcode Fuzzy Hash: 8fbbfb4752736a6f176776f019c1b8d6ffeda2812ac025cbf24725aef040eeb8
                                                                                                                      • Instruction Fuzzy Hash: AC412570409340ABC201BB68D585A2EFBF6EF52704F588C0CE5C8AB212E236D8158B7B
                                                                                                                      Function 00DB5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 212 db5bb0-db5be2 LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      • LdrInitializeThunk.NTDLL(00DB973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00DB5BDE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                      • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                      • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                      • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                      Function 00DB695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 241 db695b-db696b call db4a20 244 db696d 241->244 245 db6981-db6a02 241->245 246 db6970-db697f 244->246 247 db6a36-db6a42 245->247 248 db6a04 245->248 246->245 246->246 250 db6a85-db6a9f 247->250 251 db6a44-db6a4f 247->251 249 db6a10-db6a34 call db73e0 248->249 249->247 253 db6a50-db6a57 251->253 255 db6a59-db6a5c 253->255 256 db6a60-db6a66 253->256 255->253 257 db6a5e 255->257 256->250 258 db6a68-db6a7d call db5bb0 256->258 257->250 260 db6a82 258->260 260->250
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 0-2766056989
                                                                                                                      • Opcode ID: f5ea6366afc26bfe2db484dfc979839129c0de3a0356170b0d18bda892f9ea3d
                                                                                                                      • Instruction ID: 503a666f45fff5e458d31db7d72941f5f9fa47c47d0b498ee04a8484039d3729
                                                                                                                      • Opcode Fuzzy Hash: f5ea6366afc26bfe2db484dfc979839129c0de3a0356170b0d18bda892f9ea3d
                                                                                                                      • Instruction Fuzzy Hash: 3A3187B0508302CFDB18DF14D890B6AB7E1EF84344F58881CE5C6A72A1E738D9448B66
                                                                                                                      Function 00D8049B Relevance: .3, Instructions: 264COMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 261 d8049b-d80515 call d7c9f0 265 d80339-d8034f 261->265 266 d8045b-d80469 call db5700 261->266 267 d803fb-d80414 261->267 268 d8051c-d8051e 261->268 269 d803be 261->269 270 d803de-d803e3 261->270 271 d8035f-d80367 261->271 272 d80370-d8037e 261->272 273 d803d0-d803d7 261->273 274 d80311-d80320 261->274 275 d80472-d80477 261->275 276 d80393-d80397 261->276 277 d80356 261->277 278 d80417-d80430 261->278 279 d80308-d8030c 261->279 280 d803ec-d803f4 261->280 281 d80440-d80458 call db5700 261->281 282 d80480 261->282 283 d80242-d80244 261->283 284 d80482-d80484 261->284 285 d80246-d80260 261->285 286 d80386-d8038c 261->286 287 d80227-d8023b 261->287 265->266 265->267 265->269 265->270 265->271 265->272 265->273 265->275 265->276 265->277 265->278 265->280 265->281 265->282 265->284 265->286 266->275 267->278 288 d80520-d80b30 268->288 269->273 270->280 271->272 272->286 273->267 273->270 273->275 273->276 273->278 273->280 273->282 273->284 273->286 303 d80327-d80332 274->303 275->282 295 d803a0-d803b7 276->295 277->271 278->281 293 d8048d-d80496 279->293 280->267 280->275 280->276 280->282 280->284 281->266 289 d80296-d802bd 283->289 284->293 290 d80262 285->290 291 d80294 285->291 286->275 286->276 286->282 286->284 287->265 287->266 287->267 287->269 287->270 287->271 287->272 287->273 287->274 287->275 287->276 287->277 287->278 287->279 287->280 287->281 287->282 287->283 287->284 287->285 287->286 297 d802ea-d80301 289->297 298 d802bf 289->298 296 d80270-d80292 call d82eb0 290->296 291->289 293->288 295->266 295->267 295->269 295->270 295->273 295->275 295->276 295->278 295->280 295->281 295->282 295->284 295->286 296->291 297->265 297->266 297->267 297->269 297->270 297->271 297->272 297->273 297->274 297->275 297->276 297->277 297->278 297->279 297->280 297->281 297->282 297->284 297->286 307 d802c0-d802e8 call d82e70 298->307 303->265 303->266 303->267 303->269 303->270 303->271 303->272 303->273 303->275 303->276 303->277 303->278 303->280 303->281 303->282 303->284 303->286 307->297
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e16c8a025a98cadec55128c72adb59fe0f8e586d6c648eaa9e3969203f025018
                                                                                                                      • Instruction ID: 9d6b1c9e2d4db4decf69872841484114b50599c428116d2ee82422d9894e3ea3
                                                                                                                      • Opcode Fuzzy Hash: e16c8a025a98cadec55128c72adb59fe0f8e586d6c648eaa9e3969203f025018
                                                                                                                      • Instruction Fuzzy Hash: 71914775200B01CFD7249F25E894B26B7F6FB89310B158A6CE896CBAA1D771E815CB60
                                                                                                                      Function 00D80228 Relevance: .2, Instructions: 218COMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 315 d80228-d8023b 316 d80339-d8034f 315->316 317 d8045b-d80469 call db5700 315->317 318 d803fb-d80414 315->318 319 d803be 315->319 320 d803de-d803e3 315->320 321 d8035f-d80367 315->321 322 d80370-d8037e 315->322 323 d803d0-d803d7 315->323 324 d80311-d80320 315->324 325 d80472-d80477 315->325 326 d80393-d80397 315->326 327 d80356 315->327 328 d80417-d80430 315->328 329 d80308-d8030c 315->329 330 d803ec-d803f4 315->330 331 d80440-d80458 call db5700 315->331 332 d80480 315->332 333 d80242-d80244 315->333 334 d80482-d80484 315->334 335 d80246-d80260 315->335 336 d80386-d8038c 315->336 316->317 316->318 316->319 316->320 316->321 316->322 316->323 316->325 316->326 316->327 316->328 316->330 316->331 316->332 316->334 316->336 317->325 318->328 319->323 320->330 321->322 322->336 323->318 323->320 323->325 323->326 323->328 323->330 323->332 323->334 323->336 351 d80327-d80332 324->351 325->332 343 d803a0-d803b7 326->343 327->321 328->331 341 d8048d-d80b30 329->341 330->318 330->325 330->326 330->332 330->334 331->317 337 d80296-d802bd 333->337 334->341 338 d80262 335->338 339 d80294 335->339 336->325 336->326 336->332 336->334 345 d802ea-d80301 337->345 346 d802bf 337->346 344 d80270-d80292 call d82eb0 338->344 339->337 343->317 343->318 343->319 343->320 343->323 343->325 343->326 343->328 343->330 343->331 343->332 343->334 343->336 344->339 345->316 345->317 345->318 345->319 345->320 345->321 345->322 345->323 345->324 345->325 345->326 345->327 345->328 345->329 345->330 345->331 345->332 345->334 345->336 354 d802c0-d802e8 call d82e70 346->354 351->316 351->317 351->318 351->319 351->320 351->321 351->322 351->323 351->325 351->326 351->327 351->328 351->330 351->331 351->332 351->334 351->336 354->345
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1a123f97853d6f5b6a2044100564f4e5ad9a5f6d3d6260b4933f4b9550fde416
                                                                                                                      • Instruction ID: f6db2d1de94903c900d9a1e3e2b8aef9460d087f3a51bba39f45bb354c52b623
                                                                                                                      • Opcode Fuzzy Hash: 1a123f97853d6f5b6a2044100564f4e5ad9a5f6d3d6260b4933f4b9550fde416
                                                                                                                      • Instruction Fuzzy Hash: 42715875200701DFD7249F25EC94B26BBF6FF89311F148A68E896CB662C771E819CB60
                                                                                                                      Function 00DB99D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9dcda96061d790a5ced6a56262f362847d8236f23334ae5347e3c7f2e543b86b
                                                                                                                      • Instruction ID: daf8b60961c21993f8d3fa798c6563d84500f5ebdd205e6842909bab1d7e6d62
                                                                                                                      • Opcode Fuzzy Hash: 9dcda96061d790a5ced6a56262f362847d8236f23334ae5347e3c7f2e543b86b
                                                                                                                      • Instruction Fuzzy Hash: 37417134208381EBDB149A15E8E0F6FFBE5EB85714F58881CF68A97291D331E851CB76
                                                                                                                      Function 00DB63B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: d53b3ecbfef63e55b07129913e386d06ee38f8abfe12d3adc277751eb0034dd6
                                                                                                                      • Instruction ID: 5488799489587d33cdcbf3e247f6b6116a7ba9fee20c21eebc4838cac9ca6b0d
                                                                                                                      • Opcode Fuzzy Hash: d53b3ecbfef63e55b07129913e386d06ee38f8abfe12d3adc277751eb0034dd6
                                                                                                                      • Instruction Fuzzy Hash: 5531C370649302FADA24DB04DD81F7AB7A5FB80B11F688518F182962D5D374F8518B72
                                                                                                                      Function 00D80EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 06c3b8c7bb1753913d653645f2b1a8bad3a77fe3871199e1a5cae9a198abddf9
                                                                                                                      • Instruction ID: e21d4c523e64bec22b2ec54b7790dabeab61fa1b1f459ac009d2b25ed42213a5
                                                                                                                      • Opcode Fuzzy Hash: 06c3b8c7bb1753913d653645f2b1a8bad3a77fe3871199e1a5cae9a198abddf9
                                                                                                                      • Instruction Fuzzy Hash: FC2116B490021A9FEB15DF94CC90BBEBBB1FF4A304F144848E911BB392C735A905CB64
                                                                                                                      Function 00DB3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 202 db3220-db322f 203 db32ac-db32b0 202->203 204 db32a2-db32a6 RtlFreeHeap 202->204 205 db32a0 202->205 206 db3236-db3252 202->206 204->203 205->204 207 db3286-db3296 206->207 208 db3254 206->208 207->205 209 db3260-db3284 call db5af0 208->209 209->207
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000), ref: 00DB32A6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0
                                                                                                                      • Opcode ID: 70b5d70eab40321ed6b4b561fbf189186853c63d1aa1a236bf545c1e1e536cd7
                                                                                                                      • Instruction ID: c55afcef098ffd84573226e177247e84741977497c02a33166772ae3065ae378
                                                                                                                      • Opcode Fuzzy Hash: 70b5d70eab40321ed6b4b561fbf189186853c63d1aa1a236bf545c1e1e536cd7
                                                                                                                      • Instruction Fuzzy Hash: C7014B3450D341DBC701AB18E845A1EBBE8EF4A700F05881CE5C59B361D235ED60DBA6
                                                                                                                      Function 00DB3202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                      Download Yara Rule

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 213 db3202-db3211 RtlAllocateHeap
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000000), ref: 00DB3208
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: 3dee5ecdca2a8b6f5233148275f6776d2b78a8639a9b9efa52988881dc8af214
                                                                                                                      • Instruction ID: d48bd2119a9fde40135d68be97825b2ffd811c8cbd9dd84a39a51c41bea05008
                                                                                                                      • Opcode Fuzzy Hash: 3dee5ecdca2a8b6f5233148275f6776d2b78a8639a9b9efa52988881dc8af214
                                                                                                                      • Instruction Fuzzy Hash: 25B012300401015FDA041B00EC0AF003511EB00605F900060A101441F1D1719864C564

                                                                                                                      Non-executed Functions

                                                                                                                      Function 00DA23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                                                                                      • API String ID: 0-2260822535
                                                                                                                      • Opcode ID: 56d50d7e9f2e8ba3fcb3cf3c93d0314b400908c780de50544a1686efd77a2c9a
                                                                                                                      • Instruction ID: cfedd83d5d04bedb3599c99aeecf4bce134348f73789ec21edfaabc7465c6df0
                                                                                                                      • Opcode Fuzzy Hash: 56d50d7e9f2e8ba3fcb3cf3c93d0314b400908c780de50544a1686efd77a2c9a
                                                                                                                      • Instruction Fuzzy Hash: A533CA70504B818FD7258F39C590B62BBE1BF17304F58899DE4DA8BB92C735E906CBA1
                                                                                                                      Function 00D8DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                      • API String ID: 2994545307-1418943773
                                                                                                                      • Opcode ID: d09a2b66395c7aa9d97cee58725987f23b28b761c0bf6da9680223480e392c61
                                                                                                                      • Instruction ID: 36a9f335c4051369a9593476581af4f5ebac50ad552ded227ab51b1db9c976c8
                                                                                                                      • Opcode Fuzzy Hash: d09a2b66395c7aa9d97cee58725987f23b28b761c0bf6da9680223480e392c61
                                                                                                                      • Instruction Fuzzy Hash: 97F268B05093819BD770DF14C884BABBBE6FFD5304F58482DE4C99B291E7359984CBA2
                                                                                                                      Function 00D99F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                      • API String ID: 0-1131134755
                                                                                                                      • Opcode ID: d38a9f974285f02742fd76933886867b8d05079e6709a6721b4ce3c6e9f896b3
                                                                                                                      • Instruction ID: 5825333ff8721ab29e81a774f199004ec31d420771ba6a4fd3cbe2e13155859d
                                                                                                                      • Opcode Fuzzy Hash: d38a9f974285f02742fd76933886867b8d05079e6709a6721b4ce3c6e9f896b3
                                                                                                                      • Instruction Fuzzy Hash: 9652B6B844D3858AE370CF25D581B8EBAF1BB92740F609A1DE1ED9B255DB708045CFA3
                                                                                                                      Function 00D99510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                      • API String ID: 0-655414846
                                                                                                                      • Opcode ID: 8e75d2c3ce60efde9c9acd1a98027600e2ac371cf3b300a288ee14ca8492e0a0
                                                                                                                      • Instruction ID: 607733b172bc6bc729f7d5e9cfe6dbb14891cc99c2fce91fd32a50252f1f15ba
                                                                                                                      • Opcode Fuzzy Hash: 8e75d2c3ce60efde9c9acd1a98027600e2ac371cf3b300a288ee14ca8492e0a0
                                                                                                                      • Instruction Fuzzy Hash: 24F14EB0508381ABDB10DF59D891A2BBBF4FB86B48F144D1CF4D99B252D334D948CBA6
                                                                                                                      Function 00F2F069 Relevance: 16.7, Strings: 12, Instructions: 1661COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "ow$$m($&p?w$?v' $F1sW$U9?w$bGe$t$t$B?{$pWV$tCx
                                                                                                                      • API String ID: 0-846526151
                                                                                                                      • Opcode ID: 1cc814bc7b7962fae478ec0530483d09508be60e1ea8ba541b61d61016e1f78a
                                                                                                                      • Instruction ID: bbfa9269ae3a5bba69651de001b009a4d48743061d4fe2712c2320f7b3ee1e15
                                                                                                                      • Opcode Fuzzy Hash: 1cc814bc7b7962fae478ec0530483d09508be60e1ea8ba541b61d61016e1f78a
                                                                                                                      • Instruction Fuzzy Hash: EBB24BF360C214AFE304AE2DEC85B7ABBE9EB94320F16493DEAC4C7744E57558018796
                                                                                                                      Function 00D9DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                      • API String ID: 0-1557708024
                                                                                                                      • Opcode ID: 91e737cb345551e1bc85017806d78ca34ad93d72b77e6f011173140a984d0b27
                                                                                                                      • Instruction ID: 3833f9109dd376ce77b45bdc527447ddfbf823d4b46a33b30e8d49245f618c6a
                                                                                                                      • Opcode Fuzzy Hash: 91e737cb345551e1bc85017806d78ca34ad93d72b77e6f011173140a984d0b27
                                                                                                                      • Instruction Fuzzy Hash: C792F575E00216CFDB14CF68D8516AEBBB2FF4A310F298168E456AB391D735ED41CBA0
                                                                                                                      Function 00F2687D Relevance: 11.7, Strings: 8, Instructions: 1657COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .pe7$2M~7$6m}$Fr?_$^vnk$l*n~$p&9_$]]
                                                                                                                      • API String ID: 0-2060371905
                                                                                                                      • Opcode ID: 0f0477fc8043a948185f0e9e13b587bebaa17de1fbee3811bb8e8de8bd90d803
                                                                                                                      • Instruction ID: 302c54343dbe908585a09ef99f04a528ece6288a335ebf3756deb1cea5f3e9dd
                                                                                                                      • Opcode Fuzzy Hash: 0f0477fc8043a948185f0e9e13b587bebaa17de1fbee3811bb8e8de8bd90d803
                                                                                                                      • Instruction Fuzzy Hash: BAB229F360C2149FE304AE2DEC8567ABBE9EF94320F1A453DE6C4C7744EA3598058697
                                                                                                                      Function 00D9098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                      • API String ID: 0-4102007303
                                                                                                                      • Opcode ID: 5de1155ac699b36e72f804fee608530e9a6755812b676380703a52d85db05b52
                                                                                                                      • Instruction ID: 53891fbdc3398150f64d9a555472a6dd84dd02a8cdd877b57d5a8175681ce4dd
                                                                                                                      • Opcode Fuzzy Hash: 5de1155ac699b36e72f804fee608530e9a6755812b676380703a52d85db05b52
                                                                                                                      • Instruction Fuzzy Hash: 9D627AB56083828FD730DF14D891BABBBE1FF96314F08492DE49A8B641E3759944CB63
                                                                                                                      Function 00D71000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                      • API String ID: 0-2517803157
                                                                                                                      • Opcode ID: 056759cd124c6de84186463f6026f170d292d036ca7c5ba673f73bdddff4404b
                                                                                                                      • Instruction ID: b704c8db9425ee8c8a4ac50c58e0b634d69014dd7045c74202a8f5f6b40a58e5
                                                                                                                      • Opcode Fuzzy Hash: 056759cd124c6de84186463f6026f170d292d036ca7c5ba673f73bdddff4404b
                                                                                                                      • Instruction Fuzzy Hash: E9D2D3716083918FD718CE28C49436ABBE2AFD5314F1CC62DE8D98B391E774D945CBA2
                                                                                                                      Function 00F30A92 Relevance: 10.3, Strings: 7, Instructions: 1593COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <^=?$Aoy_$\g,Q$_,Zw$d#}O$g'?]$5wv
                                                                                                                      • API String ID: 0-3580347031
                                                                                                                      • Opcode ID: aefc05c7aea516377e060aeae37199fc3278fa4e5db7ba6a02d7f27a036f6559
                                                                                                                      • Instruction ID: d985c6cd9a5a13fc81dd188cd21d4503434c497b7a4cd8ff2e97ca2e283429ac
                                                                                                                      • Opcode Fuzzy Hash: aefc05c7aea516377e060aeae37199fc3278fa4e5db7ba6a02d7f27a036f6559
                                                                                                                      • Instruction Fuzzy Hash: 34B2E7F3A0C2109FE3146E2DEC8577ABBE9EF94720F1A453DEAC4C3744EA3558058696
                                                                                                                      Function 00F2B9FC Relevance: 7.9, Strings: 5, Instructions: 1639COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -%?]$.08D$=ax6$?~N[$tRvx
                                                                                                                      • API String ID: 0-1864000635
                                                                                                                      • Opcode ID: aa1f3382b604b2b825c1b39da247db07a8621911a30a4e3e1bd42cb9d126cfa8
                                                                                                                      • Instruction ID: f60b1e54eb995640b1aae6c5a400e9adfdeb8dd3bc8f3d5290839c3b2bc4a896
                                                                                                                      • Opcode Fuzzy Hash: aa1f3382b604b2b825c1b39da247db07a8621911a30a4e3e1bd42cb9d126cfa8
                                                                                                                      • Instruction Fuzzy Hash: D7B228F3A0C2049FE3046E2DEC8567ABBE5EB94720F164A3DEAC5C3744EA3558058697
                                                                                                                      Function 00F3451F Relevance: 7.5, Strings: 5, Instructions: 1283COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DlOh$OC>W$V.?n$h[]$}5s
                                                                                                                      • API String ID: 0-1531405024
                                                                                                                      • Opcode ID: 84a73557fb385377454bd3525b868247b6a2de6b7d17ae71710c4c6c10cb05bc
                                                                                                                      • Instruction ID: 10dcdbeb2e98b09558511b26752da916908574050b061c7ef02457e2d553d2f8
                                                                                                                      • Opcode Fuzzy Hash: 84a73557fb385377454bd3525b868247b6a2de6b7d17ae71710c4c6c10cb05bc
                                                                                                                      • Instruction Fuzzy Hash: C3822AF3A082109FE704AE2DEC8567ABBE5EF94720F16453DEAC4C7744E63598058787
                                                                                                                      Function 00D712F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0$0$0$@$i
                                                                                                                      • API String ID: 0-3124195287
                                                                                                                      • Opcode ID: 7938f7c0fdb32de9d2a7ca0128d8c65dbfdaf50d97b806ed205bce36d5e4f482
                                                                                                                      • Instruction ID: 21ca98b2d54ffb2575899ca69f6d5a235255c3ce642ab6308622f06fcc266a2c
                                                                                                                      • Opcode Fuzzy Hash: 7938f7c0fdb32de9d2a7ca0128d8c65dbfdaf50d97b806ed205bce36d5e4f482
                                                                                                                      • Instruction Fuzzy Hash: 4262CF7160C3818BD319CE28C49076ABBE1AFD5304F18CA6DE8DD87391E775D949CBA2
                                                                                                                      Function 00D7164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                      • API String ID: 0-1123320326
                                                                                                                      • Opcode ID: 41ec1d19def4530e710b008ffd8cf6aace435b35c5584065e51137d4445b5f62
                                                                                                                      • Instruction ID: bcf1d18f39b27fd9d73d12844d46439ca778faf1496733a3c2068394b319d80d
                                                                                                                      • Opcode Fuzzy Hash: 41ec1d19def4530e710b008ffd8cf6aace435b35c5584065e51137d4445b5f62
                                                                                                                      • Instruction Fuzzy Hash: BAF1A23560C3818FC719CE28C48426AFBE2AFD9304F18CA6DE4D987356E774D945CBA2
                                                                                                                      Function 00D713A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                      • API String ID: 0-3620105454
                                                                                                                      • Opcode ID: c0313ef87fce84feb507202dfe6a405a938994b17880d221965d4fc8a0f8f62e
                                                                                                                      • Instruction ID: c1ba7cf0be2e7d6a0afaf8fa109df7e193b5b0d1a940004105f1cc3fcbc62ff8
                                                                                                                      • Opcode Fuzzy Hash: c0313ef87fce84feb507202dfe6a405a938994b17880d221965d4fc8a0f8f62e
                                                                                                                      • Instruction Fuzzy Hash: 08D170356087818FC719CE29C48466AFBE2AFD9304F08CA6DE4D987356E734D949CB62
                                                                                                                      Function 00F2A05F Relevance: 6.5, Strings: 4, Instructions: 1503COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $h/;$a2w$j[$*\u
                                                                                                                      • API String ID: 0-2522094970
                                                                                                                      • Opcode ID: 603fc08a16ed9e213d1e7a07e0326b77ba0ace60e774b972b50210b5030860bc
                                                                                                                      • Instruction ID: 90972bb8be135f4f49e49f53846c0888639b088ade0148cfe5bfa14e32016410
                                                                                                                      • Opcode Fuzzy Hash: 603fc08a16ed9e213d1e7a07e0326b77ba0ace60e774b972b50210b5030860bc
                                                                                                                      • Instruction Fuzzy Hash: ECA2E6F3608204AFE3046E2DEC8567ABBE5EF94720F16893DEAC4C7744E63598418797
                                                                                                                      Function 00D9FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :$NA_I$m1s3$uvw
                                                                                                                      • API String ID: 0-3973114637
                                                                                                                      • Opcode ID: 07022671759a5896b51c40489bb6645c5010291ab7cd7bb0990c8c29060581de
                                                                                                                      • Instruction ID: 3d2f2da5a108775490f9a28b1b6df8d0f789d8bb375265c0208ec242f752e303
                                                                                                                      • Opcode Fuzzy Hash: 07022671759a5896b51c40489bb6645c5010291ab7cd7bb0990c8c29060581de
                                                                                                                      • Instruction Fuzzy Hash: 143299B4508382DFD711DF29D880B2ABBE5EB8A304F184A2CF5D58B392D335D955CB62
                                                                                                                      Function 00D83BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+($;z$p$ss
                                                                                                                      • API String ID: 0-2391135358
                                                                                                                      • Opcode ID: 703d84aeffa1748c0a7f4e7b7f3d644e4fece87bafc10ad2630e9d1b31904f65
                                                                                                                      • Instruction ID: 0102ddb2ebac221ed6df23a94381f00e2948409ac03e4c176ed46d8c7cc30c05
                                                                                                                      • Opcode Fuzzy Hash: 703d84aeffa1748c0a7f4e7b7f3d644e4fece87bafc10ad2630e9d1b31904f65
                                                                                                                      • Instruction Fuzzy Hash: 0A024BB4810700DFD760AF28D986B56BFF5FF01700F50895DE89A9B696E330E459CBA2
                                                                                                                      Function 00D92260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: a|$hu$lc$sj
                                                                                                                      • API String ID: 0-3748788050
                                                                                                                      • Opcode ID: 70ec5627e4d373ee141e821d3c2d76caff77e553a7dbd5826415ed0f1ba65c1a
                                                                                                                      • Instruction ID: 27ffcfd07d14ffb29d3d4699f0d7f754761d240e955ab3340d9dc9ad585073aa
                                                                                                                      • Opcode Fuzzy Hash: 70ec5627e4d373ee141e821d3c2d76caff77e553a7dbd5826415ed0f1ba65c1a
                                                                                                                      • Instruction Fuzzy Hash: A7A18B744083419BCB20DF18C891A3BB7F0FFA5754F589A0CE8D99B291E339D945CBA6
                                                                                                                      Function 00D9D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #'$CV$KV$T>
                                                                                                                      • API String ID: 0-95592268
                                                                                                                      • Opcode ID: 81b3266dc45ca2d77cf5cc087580b275a08ad8ad8a586939f4aff85894bc2d18
                                                                                                                      • Instruction ID: 2b7ca968e7ff2b1072e4e464d6d8f1700f502e5a82f152e399dc12da73488063
                                                                                                                      • Opcode Fuzzy Hash: 81b3266dc45ca2d77cf5cc087580b275a08ad8ad8a586939f4aff85894bc2d18
                                                                                                                      • Instruction Fuzzy Hash: 278145B4801745AFDB20EFA5D28556EBFB1FF16300F60560CE486ABA55C330AA55CFE2
                                                                                                                      Function 00D9AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                      • API String ID: 0-1327526056
                                                                                                                      • Opcode ID: a0a2fe697ac803f080f3658b0b8f52ef69e3525697a50270b396d1907ae78751
                                                                                                                      • Instruction ID: c695bc85dfdfa82ea455248e929a389330bf11c734479d357e5fa7a5a0eafe68
                                                                                                                      • Opcode Fuzzy Hash: a0a2fe697ac803f080f3658b0b8f52ef69e3525697a50270b396d1907ae78751
                                                                                                                      • Instruction Fuzzy Hash: A54197B5408392CBDB209F24D900BABB7F0FF86305F54995DE5C897261EB32D944CBA6
                                                                                                                      Function 00F25557 Relevance: 4.8, Strings: 3, Instructions: 1012COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *^~$\>zd$e!?|
                                                                                                                      • API String ID: 0-1780529451
                                                                                                                      • Opcode ID: f5ef3feb54e3ec47df1df7d3649123cf88a99a450ba207a23c46b8fb1d988900
                                                                                                                      • Instruction ID: d168f1e7a66398a895607360580fd04d6fbb3177954905c145101fd60af3cdb1
                                                                                                                      • Opcode Fuzzy Hash: f5ef3feb54e3ec47df1df7d3649123cf88a99a450ba207a23c46b8fb1d988900
                                                                                                                      • Instruction Fuzzy Hash: BF621AF360C2049FE308AE2DEC4567ABBE9EF94760F16493DE6C4C7744EA3598018697
                                                                                                                      Function 00F2F9CC Relevance: 4.4, Strings: 3, Instructions: 620COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: F1sW$t$t
                                                                                                                      • API String ID: 0-3618253685
                                                                                                                      • Opcode ID: ece929c881d81a242191ee7efa81d06edcb236d99c9a56b2246720743ca8556e
                                                                                                                      • Instruction ID: c6084badfa62dfbf29cff88613323935750315a2832fb251388e68753d021956
                                                                                                                      • Opcode Fuzzy Hash: ece929c881d81a242191ee7efa81d06edcb236d99c9a56b2246720743ca8556e
                                                                                                                      • Instruction Fuzzy Hash: 3D0269F361C2046FE3046E3DED8577ABBE9EB94320F168A3DE6C4C3744E97598018696
                                                                                                                      Function 00D9C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+($%*+($~/i!
                                                                                                                      • API String ID: 0-4033100838
                                                                                                                      • Opcode ID: 00c785efee6db4be5949bb9b75c0574465f290b11d95c1ba0a14b36e99b565ac
                                                                                                                      • Instruction ID: 66006389c6f85f25e590ea64d8f65885b79b8e7ae05e41102cede7490cb28006
                                                                                                                      • Opcode Fuzzy Hash: 00c785efee6db4be5949bb9b75c0574465f290b11d95c1ba0a14b36e99b565ac
                                                                                                                      • Instruction Fuzzy Hash: BEE187B5518342EFE7209F64D881B5ABBE5FB86340F48892CE6C987352D731D815CBA2
                                                                                                                      Function 00D78590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$)$IEND
                                                                                                                      • API String ID: 0-588110143
                                                                                                                      • Opcode ID: db6423269b61d31da18e143bf7587a9fef8c0a6b79a5b97c9bcfc5779a6dec40
                                                                                                                      • Instruction ID: 12905c9ee6367401e416c3a47a258584bc16fd80a984373abefadb7ee0b9e9d9
                                                                                                                      • Opcode Fuzzy Hash: db6423269b61d31da18e143bf7587a9fef8c0a6b79a5b97c9bcfc5779a6dec40
                                                                                                                      • Instruction Fuzzy Hash: F2E1B2B1A48705AFD310CF28C84572AFBE0FB94314F148A2DE59997381EB75E914DBE2
                                                                                                                      Function 00F35C13 Relevance: 4.0, Strings: 2, Instructions: 1519COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: zW$%:s
                                                                                                                      • API String ID: 0-3677136905
                                                                                                                      • Opcode ID: 4d71780c761a6c7d1873ff70caa7c6d22e6eea5854f0031b4c7316a7ae23d5e8
                                                                                                                      • Instruction ID: 04061908c805eac69b606de5c65f8f425d705d5dcda77defd8ba7e1638156080
                                                                                                                      • Opcode Fuzzy Hash: 4d71780c761a6c7d1873ff70caa7c6d22e6eea5854f0031b4c7316a7ae23d5e8
                                                                                                                      • Instruction Fuzzy Hash: BAA2F6F36082049FD314AE2DEC8576AFBE9EF94320F1A493DEAC4C7344E63598058697
                                                                                                                      Function 00DB4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+($f
                                                                                                                      • API String ID: 0-2038831151
                                                                                                                      • Opcode ID: 11a954f792726667972fb82f7be528c63d99a3c29470aef7c844697b1b76a0d3
                                                                                                                      • Instruction ID: 84369ca4cd5e42fff111c8126504f8c77e1980934c8b79a37b8f27c2d38e351d
                                                                                                                      • Opcode Fuzzy Hash: 11a954f792726667972fb82f7be528c63d99a3c29470aef7c844697b1b76a0d3
                                                                                                                      • Instruction Fuzzy Hash: C0128C71508341DFC715CF18D890BAEBBE5FB89314F188A2CE4969B392D731E945CBA2
                                                                                                                      Function 00DAF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: dg$hi
                                                                                                                      • API String ID: 0-2859417413
                                                                                                                      • Opcode ID: 102df0911bb3cb3e3c1b0a86afbafe30b09e645129526286652e4010b1b80baa
                                                                                                                      • Instruction ID: 4f49931e2934442073d08cc0998e3282dd277e5d5c05450bf8d62d0137b65346
                                                                                                                      • Opcode Fuzzy Hash: 102df0911bb3cb3e3c1b0a86afbafe30b09e645129526286652e4010b1b80baa
                                                                                                                      • Instruction Fuzzy Hash: 90F18371618302EFE704DF65D891B2ABBF6EF86344F14996CF1858B2A1C738D945CB22
                                                                                                                      Function 00D735B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Inf$NaN
                                                                                                                      • API String ID: 0-3500518849
                                                                                                                      • Opcode ID: 42e4ee9ac67147a94a43cf3561e10936074f1abd4b4f5352c15e4d94ab95e2b5
                                                                                                                      • Instruction ID: 9f229802a452ce56780f527bfe01d6c8dc7b23cf05306801db0cad81341536ad
                                                                                                                      • Opcode Fuzzy Hash: 42e4ee9ac67147a94a43cf3561e10936074f1abd4b4f5352c15e4d94ab95e2b5
                                                                                                                      • Instruction Fuzzy Hash: 19D1D472A183119BC704CF28C88161EBBE1EBC8750F25CA2DF9D9973A0E771DD059B92
                                                                                                                      Function 00D8FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: BaBc$Ye[g
                                                                                                                      • API String ID: 0-286865133
                                                                                                                      • Opcode ID: ef2ffbb2fff3d7cb9e07cda483b2ea5bcedcec2af19390d2c0349a6bd1c631e0
                                                                                                                      • Instruction ID: 45d3b574ab762001799ad5e5d5160ed88b5e9fcf1fd0b6fd35dd6d49468f1f11
                                                                                                                      • Opcode Fuzzy Hash: ef2ffbb2fff3d7cb9e07cda483b2ea5bcedcec2af19390d2c0349a6bd1c631e0
                                                                                                                      • Instruction Fuzzy Hash: 8051AAB16083818FDB31CF18D885BABBBE4FF96310F18491DE49A9B651E3749940CB67
                                                                                                                      Function 00D75160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %1.17g
                                                                                                                      • API String ID: 0-1551345525
                                                                                                                      • Opcode ID: 2909642707682dd5748c2b27d0968835d096fdfdd38fb7c52ac4a6528fe69248
                                                                                                                      • Instruction ID: 2af45acd1a81589468f99196058d66fc7393893ec6bf3cb7941609f659a18ee8
                                                                                                                      • Opcode Fuzzy Hash: 2909642707682dd5748c2b27d0968835d096fdfdd38fb7c52ac4a6528fe69248
                                                                                                                      • Instruction Fuzzy Hash: C422B2B6A08B428BE7198E18A440726BBA2AFE0314F1DC56DD89D4B359F7F1DC05C763
                                                                                                                      Function 00DA12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "
                                                                                                                      • API String ID: 0-123907689
                                                                                                                      • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                      • Instruction ID: 2b09161de01bc82c33cf86d3e63d35d2a88a06e988fcb03c6358a75b0b65cbd8
                                                                                                                      • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                      • Instruction Fuzzy Hash: 04F11679A083515FC724CE28C49066BBBE6AFC6350F1CC96DE89A87382D634DD05C7B2
                                                                                                                      Function 00D9AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 619ef157bd4a2cc340844cd12fc29c16df4c818f633cd102399b45fed5af6fff
                                                                                                                      • Instruction ID: ab8adc40efc5c38d79a0e11a54d80ce2736c65a6ab2bc0976564b625490f0e8b
                                                                                                                      • Opcode Fuzzy Hash: 619ef157bd4a2cc340844cd12fc29c16df4c818f633cd102399b45fed5af6fff
                                                                                                                      • Instruction Fuzzy Hash: 8EE1DA75508306DBCB14DF28D88096FB3E2FF99791F59891DE4C587221E330E999CBA2
                                                                                                                      Function 00D86EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 189ad209af0b266395ffc6d6f4cc2f97cafeb3a4d178c983726e8773ce67ad20
                                                                                                                      • Instruction ID: ffd8b38a3e47cb24705994cca2a7c3e7c3f58966808c85609255ebc624889f24
                                                                                                                      • Opcode Fuzzy Hash: 189ad209af0b266395ffc6d6f4cc2f97cafeb3a4d178c983726e8773ce67ad20
                                                                                                                      • Instruction Fuzzy Hash: 67F18FB5600701CFC725AF28D881A26B7F6FF48325B148A2DE59787791EB30F855CB61
                                                                                                                      Function 00D97E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 507ba6811d9104fae8d3a6940c43d6984160daed16d3e64bc82037508f47fa96
                                                                                                                      • Instruction ID: fa38df35bda41418d184d01fcc217aac3c30903049216dbd728da785ae76bce5
                                                                                                                      • Opcode Fuzzy Hash: 507ba6811d9104fae8d3a6940c43d6984160daed16d3e64bc82037508f47fa96
                                                                                                                      • Instruction Fuzzy Hash: 8CC19E71508300ABDB11AF14C882A2BB7F5EF96B54F08881CF8C997251E735ED55EBB2
                                                                                                                      Function 00D98D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 9c3692a9e88592e3b42fa31a29a071e07e2c791109aeb20605b1be26857702c4
                                                                                                                      • Instruction ID: d46470b812f93f6b37ed796d420ea1048e88a18fc92b7a4906952b0f19fd1e4c
                                                                                                                      • Opcode Fuzzy Hash: 9c3692a9e88592e3b42fa31a29a071e07e2c791109aeb20605b1be26857702c4
                                                                                                                      • Instruction Fuzzy Hash: 36D16770618302DFDB04DF68E890A6ABBE5FB89314F59486CE886C7391D735E990CB61
                                                                                                                      Function 00DB7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: P
                                                                                                                      • API String ID: 0-3110715001
                                                                                                                      • Opcode ID: d2bc968b8ca0d056a0a309793d56176f41031d7cefb1a202ad88577669487286
                                                                                                                      • Instruction ID: 1eee3a240bd3b3a1c28d9f39fb8c45c87e325abdf0da6c15fd5798397c4415a5
                                                                                                                      • Opcode Fuzzy Hash: d2bc968b8ca0d056a0a309793d56176f41031d7cefb1a202ad88577669487286
                                                                                                                      • Instruction Fuzzy Hash: DDD11632908361CFC725CE18D89075FB6E6EB81758F19862CE8A6AB380DB71DC45D7E1
                                                                                                                      Function 00D9CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 2994545307-3233224373
                                                                                                                      • Opcode ID: 1c63b05cc447beb568cc4ca8d2bf9c85f0078ee3dc3691461ee4b87a7cc07435
                                                                                                                      • Instruction ID: 01ed5606dbb4b7c9001554513fb4be58f26d532f51a80ff867a4967c29e90b86
                                                                                                                      • Opcode Fuzzy Hash: 1c63b05cc447beb568cc4ca8d2bf9c85f0078ee3dc3691461ee4b87a7cc07435
                                                                                                                      • Instruction Fuzzy Hash: 45B1E1716193029BDB14DF18D880B2BBBE2EF95340F58592CE5C98B351E335E855CBB2
                                                                                                                      Function 00D7A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,
                                                                                                                      • API String ID: 0-3772416878
                                                                                                                      • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                      • Instruction ID: 93e513f8a3370122c0d46c2796465b9ffaf5b2e90555ec3f4b1ab18f36af2d83
                                                                                                                      • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                      • Instruction Fuzzy Hash: ADB118711083819FD325CF18C88061FBBE1AFA9704F488A2DF5D997742D671EA18CB67
                                                                                                                      Function 00DAFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: bebfe19f2956b5cf0801caa0ff5c3080374e11fac7e89a2557787cf6c6a15bd9
                                                                                                                      • Instruction ID: 144f11747aae183fc25fb50d394860c68e47f1e8d2beaeb229a54b266bea634b
                                                                                                                      • Opcode Fuzzy Hash: bebfe19f2956b5cf0801caa0ff5c3080374e11fac7e89a2557787cf6c6a15bd9
                                                                                                                      • Instruction Fuzzy Hash: CC81BBB1508306EBDB11DFA9E884B2AB7E5FB9A701F04886CF1C597291D730E954CB72
                                                                                                                      Function 00D8D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 8c5e9fff028a1ced4b5547e7fbaebea6eaabc4932f5cc95ecf20c4c947a8d9bf
                                                                                                                      • Instruction ID: 559c8579a8036e13ef8874bb611ad468c947a239a1ba7a5fc6ed2b0503c552f3
                                                                                                                      • Opcode Fuzzy Hash: 8c5e9fff028a1ced4b5547e7fbaebea6eaabc4932f5cc95ecf20c4c947a8d9bf
                                                                                                                      • Instruction Fuzzy Hash: 006191B1908306DBD711AF18D842A2AB3B6FF95354F08496DF989973D1E731E910C7B2
                                                                                                                      Function 00E03B98 Relevance: 1.5, Strings: 1, Instructions: 246COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "<j
                                                                                                                      • API String ID: 0-593879273
                                                                                                                      • Opcode ID: 9be97b3a4d2fe6415aff6adff1de14a047408ba9d1e68ea1b07b8db3a4e7d086
                                                                                                                      • Instruction ID: f79bc49e8632cb87df1f83596f8d7c3d63b14c74f8c2a6b802f06ef53fe7f4cd
                                                                                                                      • Opcode Fuzzy Hash: 9be97b3a4d2fe6415aff6adff1de14a047408ba9d1e68ea1b07b8db3a4e7d086
                                                                                                                      • Instruction Fuzzy Hash: C281D5F3A086109FE7056E29DC4577AB7E5EF94720F1B493DD6C883380EA7948418786
                                                                                                                      Function 00DB4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 7793c72d840f6dd13711143e489eb6fb06aa17bc12ab82492b668a41c060b943
                                                                                                                      • Instruction ID: 217d12275916fad18ca6ee102cae2cd89d3fe86d66df2e15bec0b86e37636413
                                                                                                                      • Opcode Fuzzy Hash: 7793c72d840f6dd13711143e489eb6fb06aa17bc12ab82492b668a41c060b943
                                                                                                                      • Instruction Fuzzy Hash: CC61E071609301DBDB11DF19D880B6ABBE6EB84714F18891CE6CA87396D731EC50CB76
                                                                                                                      Function 00E08C15 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: _8~
                                                                                                                      • API String ID: 0-3969747003
                                                                                                                      • Opcode ID: 4aefb5ef73c3286e3af8e493f6c82fdf6433fd18fb8d7c689225367ebeb4d98b
                                                                                                                      • Instruction ID: 644eebd56f6545d94700859c4d8595c11b34e4094b9954079766dabcac22d676
                                                                                                                      • Opcode Fuzzy Hash: 4aefb5ef73c3286e3af8e493f6c82fdf6433fd18fb8d7c689225367ebeb4d98b
                                                                                                                      • Instruction Fuzzy Hash: 7F513BB3A082145FE3546E29DC857A7B7D9EB94320F1A453DEAD8C3380E9755C04C6D6
                                                                                                                      Function 00D7E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00D7E333
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                      • API String ID: 0-2471034898
                                                                                                                      • Opcode ID: 8d79f6d915bcec2a22646f490b40dbe15d8d7e15da842970d3b56999b0ddb7fe
                                                                                                                      • Instruction ID: 64985b3afe02f1a9f95f95253355b3a13014d39e985d2d86eb93dbdfc721e36b
                                                                                                                      • Opcode Fuzzy Hash: 8d79f6d915bcec2a22646f490b40dbe15d8d7e15da842970d3b56999b0ddb7fe
                                                                                                                      • Instruction Fuzzy Hash: B5510823A596A08BD324897C5C553697BC70B9B334B3DC7A9E9F9CB3E5F555880043B0
                                                                                                                      Function 00DB3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 8945e90daf3b8dc2df0ed97c1f036f2d3beecfec2fe29280a4e505dba6c6f272
                                                                                                                      • Instruction ID: d722af2c096ac0d294cd13faf9043218a7bb5df4e406cef441ec580215558c09
                                                                                                                      • Opcode Fuzzy Hash: 8945e90daf3b8dc2df0ed97c1f036f2d3beecfec2fe29280a4e505dba6c6f272
                                                                                                                      • Instruction Fuzzy Hash: F3519E34609341DBCB24DF19D880A6ABBE5EF85744F28881CE4CB97251D771EE50EB72
                                                                                                                      Function 00D81BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: L3
                                                                                                                      • API String ID: 0-2730849248
                                                                                                                      • Opcode ID: 94095ef6f9d5002219cf8a5c97299d1063f40c06e6bdfdb94664f67c277207e3
                                                                                                                      • Instruction ID: 92a5eb5c34274930e0b055dfd813948bc0f55e283ed46d0ded4b512dbae52369
                                                                                                                      • Opcode Fuzzy Hash: 94095ef6f9d5002219cf8a5c97299d1063f40c06e6bdfdb94664f67c277207e3
                                                                                                                      • Instruction Fuzzy Hash: B54142B80083819BC714AF15D894A2BBBF4FF86314F08891CF5C59B291D736C9198B66
                                                                                                                      Function 00DAFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: 39dd9d91acb347da8533040cbb785a7adf54389ec8573f1432c46df49c972a5b
                                                                                                                      • Instruction ID: b1b0e32fc17fb100946f197546c97d7837cc325444fb7293042aba4b47df4117
                                                                                                                      • Opcode Fuzzy Hash: 39dd9d91acb347da8533040cbb785a7adf54389ec8573f1432c46df49c972a5b
                                                                                                                      • Instruction Fuzzy Hash: CE31B2B1908305EBD610FA58DC81F6BBBE9EB85744F544828F98697252E221E854C7B2
                                                                                                                      Function 00D9E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 72?1
                                                                                                                      • API String ID: 0-1649870076
                                                                                                                      • Opcode ID: 40fd5209938a37f1137ac452436fc1f28db7a9482b14d8c3f5121a4a2fccf21c
                                                                                                                      • Instruction ID: 7c507c609c879fdb5ad74068efe2bd365fb8ffecab920a9a1d983458dd5893a8
                                                                                                                      • Opcode Fuzzy Hash: 40fd5209938a37f1137ac452436fc1f28db7a9482b14d8c3f5121a4a2fccf21c
                                                                                                                      • Instruction Fuzzy Hash: 4431A5B5900316CFDB20DF95E8809AFB7B5FB5A745F18486CE446A7302D731A904CBB2
                                                                                                                      Function 00D86F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %*+(
                                                                                                                      • API String ID: 0-3233224373
                                                                                                                      • Opcode ID: c95707b380049d9e6c972f145561de4c939086420d0a76dff472ff83429ffe17
                                                                                                                      • Instruction ID: de3129c0db51482bc5b253bc1fd5372e557e83405c1bef5c8ae5edebe110c420
                                                                                                                      • Opcode Fuzzy Hash: c95707b380049d9e6c972f145561de4c939086420d0a76dff472ff83429ffe17
                                                                                                                      • Instruction Fuzzy Hash: 42415671204B05DBDB359B61D994F27B7F2FB09701F28891CE58A9BAA1E331F8408B20
                                                                                                                      Function 00D9E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 72?1
                                                                                                                      • API String ID: 0-1649870076
                                                                                                                      • Opcode ID: 2cf10a552ed7e1fe1a53cd97385e6efd9e7367284c0d57f51174e81de76824e4
                                                                                                                      • Instruction ID: 09c0c5c0cc2eaf9d924e20b1a6cb316f98fe6b2454b76219145e76e9aad67771
                                                                                                                      • Opcode Fuzzy Hash: 2cf10a552ed7e1fe1a53cd97385e6efd9e7367284c0d57f51174e81de76824e4
                                                                                                                      • Instruction Fuzzy Hash: B4219FB5900316CFCB21DF95D98096FBBB5FB1A745F18481CE446AB342D735A900CBB2
                                                                                                                      Function 00DB9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 2994545307-2766056989
                                                                                                                      • Opcode ID: fc96a5d55083d7d0ed41b13a911d0badaafb2c392816f49b5a1e427c64627e21
                                                                                                                      • Instruction ID: 2e6f274a2e68b11d0545d076ebfc9774712ef13811ce2717d13f1f78e58ae4b6
                                                                                                                      • Opcode Fuzzy Hash: fc96a5d55083d7d0ed41b13a911d0badaafb2c392816f49b5a1e427c64627e21
                                                                                                                      • Instruction Fuzzy Hash: 2E319870508341DBD710DF19D890A6BFBF9EF9A314F18892CE2CA97251D335E844CBA6
                                                                                                                      Function 00D84E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a04bfbbf3c379154c2e273b20eaba2e819aa8d009c5fca627c67f5585d5475d2
                                                                                                                      • Instruction ID: 9affa8d259c20b3a694bedcca09a22f3b3d2fb85967ca6f4d53ac8f5c8fc64dc
                                                                                                                      • Opcode Fuzzy Hash: a04bfbbf3c379154c2e273b20eaba2e819aa8d009c5fca627c67f5585d5475d2
                                                                                                                      • Instruction Fuzzy Hash: 406259B4510B008FD725EF28D990B27B7F6EF49704F58896CD49A8BA56E734F804CBA1
                                                                                                                      Function 00D7BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                      • Instruction ID: 435351fc2295051875945bb41f2e45317d60145cbaf84945de6f2a82a65171bc
                                                                                                                      • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                      • Instruction Fuzzy Hash: 5C520731A187118FC7259F18D4802BAB3E1FFC4319F29DA2DD9CA93291F735A851CB96
                                                                                                                      Function 00DB8652 Relevance: .7, Instructions: 710COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 028407c14720d95b91cbd0bfe7303d74da2278e0eb168252e98a3646a70b167a
                                                                                                                      • Instruction ID: fac8634605823a7c9edf3d631927972dd8ec62ecd3797a6b2bfa348b12bc0d2c
                                                                                                                      • Opcode Fuzzy Hash: 028407c14720d95b91cbd0bfe7303d74da2278e0eb168252e98a3646a70b167a
                                                                                                                      • Instruction Fuzzy Hash: EC229835608382DFC704DF68E8A0A6AF7F1EB8A315F09896DE58AC7351D735D850CB62
                                                                                                                      Function 00DB86F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0fb9ccb17853ac8d0fa61ec5078347d68173b20c2bc6baa38ccb123b7c31992b
                                                                                                                      • Instruction ID: 27ec44b6738c4e533c97b86fda1104921efd9be2bd78606a3314074bc3fbeda5
                                                                                                                      • Opcode Fuzzy Hash: 0fb9ccb17853ac8d0fa61ec5078347d68173b20c2bc6baa38ccb123b7c31992b
                                                                                                                      • Instruction Fuzzy Hash: A0228835608382DFC704DF68E8A0A1AFBF1EB8A315F09896DE5CA87351D735D850CB62
                                                                                                                      Function 00D7B3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 444625e72b2f9522cc355917999952858203841a0d46341e1edcb81f8de56a2c
                                                                                                                      • Instruction ID: 797c7f7625985e6916026209f84c54af6615e7fe9ab2fb1d3d9dcf6ebcd2786a
                                                                                                                      • Opcode Fuzzy Hash: 444625e72b2f9522cc355917999952858203841a0d46341e1edcb81f8de56a2c
                                                                                                                      • Instruction Fuzzy Hash: 8E5296709087848FE735CB24C4447A7BBE1EF91324F18C92FD5DA06B82E779A985CB61
                                                                                                                      Function 00D771F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3622f6e000c5805db7cc0cecd52acbef38d86c8e93a878c5eb784cbffa88ef8d
                                                                                                                      • Instruction ID: 8f87255534c7a81a433a8c7d0d3ba4639bf9d32de35580c169d4ff4da5646911
                                                                                                                      • Opcode Fuzzy Hash: 3622f6e000c5805db7cc0cecd52acbef38d86c8e93a878c5eb784cbffa88ef8d
                                                                                                                      • Instruction Fuzzy Hash: 3B528F3160C3458FCB15CF28C0906AABBE1BF88318F19CA6DE89D5B352E775D949CB91
                                                                                                                      Function 00D78FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bf5d5db7eb95cebcb4cf9c664ca28c1b1cbc999da8374244e14be1d8146cc499
                                                                                                                      • Instruction ID: 45bdae9a48184eb936a07e7e747e5695451c309168a2bcae17c64cb942c823c2
                                                                                                                      • Opcode Fuzzy Hash: bf5d5db7eb95cebcb4cf9c664ca28c1b1cbc999da8374244e14be1d8146cc499
                                                                                                                      • Instruction Fuzzy Hash: 46424675608301DFD714CF28D86079ABBE1BF88315F09896DE4898B3A1E739D945CFA2
                                                                                                                      Function 00D77BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c25dbe03bcf1743db68e7fac423b9a2813168593db1ed761cd23fc708ea37cec
                                                                                                                      • Instruction ID: 705dbffe718cf06d92c06564f609b3cae6744c0e9043946a8156304ce669d249
                                                                                                                      • Opcode Fuzzy Hash: c25dbe03bcf1743db68e7fac423b9a2813168593db1ed761cd23fc708ea37cec
                                                                                                                      • Instruction Fuzzy Hash: 77321270514B118FC338CE29C69452ABBF1BF45710BA48A2ED69B87B90E736F845DB24
                                                                                                                      Function 00DB89A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e05909841f9efc919cb1b172fa130d30dd3d6d57adb11a205307ebde3a6a893e
                                                                                                                      • Instruction ID: c3e8db4e4a9dabe7faa758eb13d976d26fd1772ea6e7078466ce4ea880d0eeef
                                                                                                                      • Opcode Fuzzy Hash: e05909841f9efc919cb1b172fa130d30dd3d6d57adb11a205307ebde3a6a893e
                                                                                                                      • Instruction Fuzzy Hash: B1028835608382DFC704DF68E8A0A1AFBF5EB8A305F09896DE5C587361D735D850CBA6
                                                                                                                      Function 00DB8A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 865a07b8b37f26e6992283e223334d65724f8c48c9b87605ab0498da1bd54d7d
                                                                                                                      • Instruction ID: 959ceb9c8fa25940c724792d45b8db23bf2defd07841d64eabde1ae38adbe214
                                                                                                                      • Opcode Fuzzy Hash: 865a07b8b37f26e6992283e223334d65724f8c48c9b87605ab0498da1bd54d7d
                                                                                                                      • Instruction Fuzzy Hash: 91F18934608382DFC704EF68D8A0A5AFBE5EB8A305F09892DE5C5C7351D736D910CBA6
                                                                                                                      Function 00DB8C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: eeb862ea9d44a7242ae43e869376c977df10c3466a90813ac2b470f37cecf23c
                                                                                                                      • Instruction ID: d4d7468726f76fd67a32706a08991daf72e9393a4cfdf79a7cd02c070dcd25c0
                                                                                                                      • Opcode Fuzzy Hash: eeb862ea9d44a7242ae43e869376c977df10c3466a90813ac2b470f37cecf23c
                                                                                                                      • Instruction Fuzzy Hash: D3E19C31608382DFC704DF28D8A1A6AF7E5EB8A315F09896CE5C6C7351D736D910CBA2
                                                                                                                      Function 00D7A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                      • Instruction ID: 81d261dd9688e8575336da7b23d3f367a2a158a143ca3b0822def5d9dfe12d20
                                                                                                                      • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                      • Instruction Fuzzy Hash: 7AF1AD766087418FC724CF29C88166FFBE6AFD8300F48882DE4D987751E639E945CB62
                                                                                                                      Function 00DB8E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 940fe89488716ddb35141395cfba464c22d2bce271ec8f7bed18de717c1137b4
                                                                                                                      • Instruction ID: 769a07374e27a646e0e3336a8635bbada2d2275fc4d3aa5b5a0be412935e33dc
                                                                                                                      • Opcode Fuzzy Hash: 940fe89488716ddb35141395cfba464c22d2bce271ec8f7bed18de717c1137b4
                                                                                                                      • Instruction Fuzzy Hash: EAD17D34608381DFD704DF28D8A0A6AFBE5EB8A305F49896DE5C687351D736D810CB66
                                                                                                                      Function 00D84487 Relevance: .4, Instructions: 389COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 71bee882f1323d77d7c8b01afc530e432a03a4ed982679d561e5f763a1a8ddb0
                                                                                                                      • Instruction ID: f09e6036ac9194a271d16f8a843219a5f296e6bffa87ec9c4de319abd929142f
                                                                                                                      • Opcode Fuzzy Hash: 71bee882f1323d77d7c8b01afc530e432a03a4ed982679d561e5f763a1a8ddb0
                                                                                                                      • Instruction Fuzzy Hash: A9E1DEB5601B00CFD365DF28E992B97B7E1FF06704F04886DE4AAC7752E735A8148B64
                                                                                                                      Function 00DB6CBF Relevance: .4, Instructions: 384COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 511a88573aeccfba5a591a22ef530394a345c341b73acb20661cc7edc1a47440
                                                                                                                      • Instruction ID: 47ca4e356e15e4643c0a010243c98facfecf524d7e052b2ad8e94b9e7c50af55
                                                                                                                      • Opcode Fuzzy Hash: 511a88573aeccfba5a591a22ef530394a345c341b73acb20661cc7edc1a47440
                                                                                                                      • Instruction Fuzzy Hash: D6D1E236618356CFC714CF38E8C096AB7E1AB89314F098A6CE495D7391D335EA45CBA1
                                                                                                                      Function 00DB7AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 54a6ed739d232ca9c3f78e1adac85f9e5b50c338ef20675e0f37ed27f0a7a494
                                                                                                                      • Instruction ID: 3fba2f5ac935dc7aa4fb0ac93e6af87acf0c2f1261f33265cf1bf6bd3d03894e
                                                                                                                      • Opcode Fuzzy Hash: 54a6ed739d232ca9c3f78e1adac85f9e5b50c338ef20675e0f37ed27f0a7a494
                                                                                                                      • Instruction Fuzzy Hash: CEB1C572A083518BD724DE28CC457ABBBE5EFC5314F08492DF99A97391E635DC0487B2
                                                                                                                      Function 00D7AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                      • Instruction ID: aa65cab3c0d4fb8a896f535daaa55a2ad66ed990478f5e387a715a588b350b24
                                                                                                                      • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                      • Instruction Fuzzy Hash: 48C18E72A087418FC360CF68DC96BABB7E1FF85318F08892DD1D9C6242E778A155CB55
                                                                                                                      Function 00D86536 Relevance: .3, Instructions: 295COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 03a794ae6bb9333bb826d2a4a7a6ae4e2da0a4583c3955d1497f01063277abcc
                                                                                                                      • Instruction ID: 46da6c3b7e57a7555a41f103d06da3d15ac0360fd513901d746a8bdfee8ba8e0
                                                                                                                      • Opcode Fuzzy Hash: 03a794ae6bb9333bb826d2a4a7a6ae4e2da0a4583c3955d1497f01063277abcc
                                                                                                                      • Instruction Fuzzy Hash: 4DB1F0B4600B408FD3259F28D981B27BBF1EF46704F14885DE8AA8BB52E775F805CB65
                                                                                                                      Function 00DB7710 Relevance: .3, Instructions: 287COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • Opcode ID: 0a7426f0f20e922f44de7c6b4ce5d9433b751e9edab01dc116f40a7e81badeb3
                                                                                                                      • Instruction ID: 257bacbaa9e3b62db22dd6aa90ed658552471a000d6a243b994966826a5b4b29
                                                                                                                      • Opcode Fuzzy Hash: 0a7426f0f20e922f44de7c6b4ce5d9433b751e9edab01dc116f40a7e81badeb3
                                                                                                                      • Instruction Fuzzy Hash: AF916B7560C301EBEB20DA14D881BABB7E5EBC5354F584818F59A97391E630E950CBB2
                                                                                                                      Function 00DBA0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cd8116dba15739ea32ab2ff697c9783b511013798031c83a5ecf9b7a935b191a
                                                                                                                      • Instruction ID: f2cb9c96a8bfc551e523181213cd66ac5009cea80e71532093bf954a42ee58c9
                                                                                                                      • Opcode Fuzzy Hash: cd8116dba15739ea32ab2ff697c9783b511013798031c83a5ecf9b7a935b191a
                                                                                                                      • Instruction Fuzzy Hash: C0817A34208702DBD724DF6CD890A6AB7E5EF59740F49892CE586CB351E731EC50CBA2
                                                                                                                      Function 00DA64F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f9103c45fbafe05a162f07155952d46e91aece4d116ee084af6e57fb71fcf239
                                                                                                                      • Instruction ID: 1e66d4cd383888cead2f35c10b8cc4055ea64d046a8f8b6385cb1280c50fab16
                                                                                                                      • Opcode Fuzzy Hash: f9103c45fbafe05a162f07155952d46e91aece4d116ee084af6e57fb71fcf239
                                                                                                                      • Instruction Fuzzy Hash: DC71C737B29A908BC3149D7C4C42395BA835BE7334B3DC3B9A9B4CB3E5D629C8064361
                                                                                                                      Function 00D928E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 56d19ce356340e7e066463805155525f50954a841d21882ff7790c97dc54abd6
                                                                                                                      • Instruction ID: 9cd820007f93e68c48268434bc8680c45b4eaab2819c9877c0059026c26dbeb0
                                                                                                                      • Opcode Fuzzy Hash: 56d19ce356340e7e066463805155525f50954a841d21882ff7790c97dc54abd6
                                                                                                                      • Instruction Fuzzy Hash: 876177B4418341ABD710AF58D841A2BBBF0FFA6754F08891CF4C59B361E339D910CB66
                                                                                                                      Function 00D97C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0150ebc4d4b4c7f87bc69ad0009bb0fda142151f380e6fc991394eb7420cecea
                                                                                                                      • Instruction ID: 6f74c860af0e58d81009e98594eb27ca94036aef53f7601ad7842c999e6ce0f0
                                                                                                                      • Opcode Fuzzy Hash: 0150ebc4d4b4c7f87bc69ad0009bb0fda142151f380e6fc991394eb7420cecea
                                                                                                                      • Instruction Fuzzy Hash: FA518DB1628204ABDB209B24CC92BB733B4EF85764F188558F9868B291F375D905C776
                                                                                                                      Function 00DA1860 Relevance: .2, Instructions: 217COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                      • Instruction ID: 2ade68ebd84b1ae0531f8a3ca1c9ef83bbf315116fe63232aa85cee9beb6af9c
                                                                                                                      • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                      • Instruction Fuzzy Hash: CB61C03960D311ABD714CE2CC58032FBBE6ABCA350F68C92DE4D98B251D374DD869B61
                                                                                                                      Function 00E64FFB Relevance: .2, Instructions: 216COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 96fcec419bfd3629f66b1617f8d2928e35f5ce6c6b5af659e0ea6e19e2dd6c65
                                                                                                                      • Instruction ID: 0b94141249fa32666617c62839347190a02a6fe2840fffa7295a4c182eade417
                                                                                                                      • Opcode Fuzzy Hash: 96fcec419bfd3629f66b1617f8d2928e35f5ce6c6b5af659e0ea6e19e2dd6c65
                                                                                                                      • Instruction Fuzzy Hash: D051AFF3D046085BF304692DEC88767F79ADBE4724F1E873DEA9453788F97698068181
                                                                                                                      Function 00DA82D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 61e0f0a4a3abb51643864b873fa990c37ba32e61646fd4c007809c79abda8edd
                                                                                                                      • Instruction ID: 8b2a0f0e3afd298dfe92aacd2feae78386db612d1b3b94fc9f8326a692ef7b98
                                                                                                                      • Opcode Fuzzy Hash: 61e0f0a4a3abb51643864b873fa990c37ba32e61646fd4c007809c79abda8edd
                                                                                                                      • Instruction Fuzzy Hash: 92614823B5AA908BC314453C5C553AAAA835BD7730F3EC36ADCF1CB3E4DDA988016361
                                                                                                                      Function 00D842FC Relevance: .2, Instructions: 206COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2d9c6547977ce3dd260ffb8b3bb10dbbac514dbffdb50b5870ad44310b881326
                                                                                                                      • Instruction ID: 7a44b3363b0df75c15fbfada51692dc1195b8cacc81b3d339c1926e5aec66932
                                                                                                                      • Opcode Fuzzy Hash: 2d9c6547977ce3dd260ffb8b3bb10dbbac514dbffdb50b5870ad44310b881326
                                                                                                                      • Instruction Fuzzy Hash: 8B81DFB4810B00AFD360EF39D947757BEF4AB06601F408A1DE4EE96695E730A419CBE2
                                                                                                                      Function 00DAE8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                      • Instruction ID: 78ca5ff86f21f20027696143b2c95b21e0230bac77aa287ba7369b5030ab7ee9
                                                                                                                      • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                      • Instruction Fuzzy Hash: 9E514AB56087548FE314DF69D49435BBBE1BB89318F044E2DE4E987390E379DA088B92
                                                                                                                      Function 00EB0AA8 Relevance: .2, Instructions: 188COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9a0c41bb84f3fc2c8fe0b2075ab41df47b79a04a452d53d590d37dcd03a75e90
                                                                                                                      • Instruction ID: 87fc0aab48b5801c5ece111af67ae1f8999c11aa08e6226afd11235b031c5041
                                                                                                                      • Opcode Fuzzy Hash: 9a0c41bb84f3fc2c8fe0b2075ab41df47b79a04a452d53d590d37dcd03a75e90
                                                                                                                      • Instruction Fuzzy Hash: 385104F29087108FF3046F68EC8536AFBE5EF84320F16853DDAC897384DA7959448786
                                                                                                                      Function 00E40B9C Relevance: .2, Instructions: 185COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 54a153a1f340f7b1d099aba7454a508de096e1f40ad0f0210e2086782988585d
                                                                                                                      • Instruction ID: 8f77fd4fab9d2e25d628f005988ef9aaf4c81ee858c07339c2f3f3874cefd4c2
                                                                                                                      • Opcode Fuzzy Hash: 54a153a1f340f7b1d099aba7454a508de096e1f40ad0f0210e2086782988585d
                                                                                                                      • Instruction Fuzzy Hash: 395127F3A041109FE7089D29EC457BAB7D6DBD4320F2B863DE6D9C7784ED35A8058285
                                                                                                                      Function 00DB7520 Relevance: .2, Instructions: 176COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 784ce14cf8392644907eea15910227cb2a89bbceb628ceae07801d94cd3620ff
                                                                                                                      • Instruction ID: 5180fd43c9801f881336bdfeaf3f757a0a286d8ebb822045b90a711f09867543
                                                                                                                      • Opcode Fuzzy Hash: 784ce14cf8392644907eea15910227cb2a89bbceb628ceae07801d94cd3620ff
                                                                                                                      • Instruction Fuzzy Hash: 7D51E33160C201EBC7159E18DC90B6EB7E6EBC5754F288A2CE9DA97391D631EC5087B1
                                                                                                                      Function 01004F63 Relevance: .2, Instructions: 167COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e43372566ace5a8ff06cac79f54739255e7ca006938d13492b1626bf830a0413
                                                                                                                      • Instruction ID: 35296a1fe30d5a8950d731b1f875bfc23126ae14a37475807a58a02747b23eff
                                                                                                                      • Opcode Fuzzy Hash: e43372566ace5a8ff06cac79f54739255e7ca006938d13492b1626bf830a0413
                                                                                                                      • Instruction Fuzzy Hash: 285157B641C610EFE302AE28DC8567EFBE8EF54760F16092DEAC297280D6755480CF97
                                                                                                                      Function 00EF7A9A Relevance: .2, Instructions: 166COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 127a3ccc1dddc942f1fd114a45b6df0088b1013c8ddea1bf211497bbc2f14880
                                                                                                                      • Instruction ID: 4f581528862e4de21d01d629dc277a1064b2d31a2a57c38e7745802aa2eca7c7
                                                                                                                      • Opcode Fuzzy Hash: 127a3ccc1dddc942f1fd114a45b6df0088b1013c8ddea1bf211497bbc2f14880
                                                                                                                      • Instruction Fuzzy Hash: 7251D5F3608705ABE308AE2ADC85B6BBBE5EB94320F1A493DE6C5C3B40E93554418656
                                                                                                                      Function 00D75A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7be8529341074f9c62d624c3943fafea6342189de84ffab3662194ed32be5644
                                                                                                                      • Instruction ID: f8aedb137d4c2fb6608e6bcb3b9af9266174b33da32398161e85f8ab9c87e084
                                                                                                                      • Opcode Fuzzy Hash: 7be8529341074f9c62d624c3943fafea6342189de84ffab3662194ed32be5644
                                                                                                                      • Instruction Fuzzy Hash: AB51C4759047049FC714DF14D880A2AB7A1FF85324F19866CF89D8B356EA71EC41CBA3
                                                                                                                      Function 00E47346 Relevance: .1, Instructions: 149COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c5bcbcdaa1dd2740fc99651b9a4ccb379dec03d15149fe3576dfea7d1961fad8
                                                                                                                      • Instruction ID: a6c10ff1f2f20c680c403209cf48726a2adf4f1a4a369b3ec688bfcecf36f526
                                                                                                                      • Opcode Fuzzy Hash: c5bcbcdaa1dd2740fc99651b9a4ccb379dec03d15149fe3576dfea7d1961fad8
                                                                                                                      • Instruction Fuzzy Hash: E9415BF3D196008BE3146E2CDC897A6FAE6DBD4320F2B893DDAC883744DD7458058696
                                                                                                                      Function 00D9EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c7e79e0f8ee64598e675c52d297cdf3dc65f72ed849bc83b6959861d86dd4732
                                                                                                                      • Instruction ID: 735f59fa86bde3442fe92b6fca99550c289b73fc85331951966feda3c49ec00a
                                                                                                                      • Opcode Fuzzy Hash: c7e79e0f8ee64598e675c52d297cdf3dc65f72ed849bc83b6959861d86dd4732
                                                                                                                      • Instruction Fuzzy Hash: EE418178900326DBDF20CF54DC91BADB7B0FF0A340F184548E985AB391EB389951CBA1
                                                                                                                      Function 00DB9B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: db844a28caeaa96a11fe67ea7a67737329117a7eefba3dc7092fd0c49cbd1f34
                                                                                                                      • Instruction ID: f9dc22137872e0546c69cea967b32ae979ece44d0e1d4f5b783be5c410ef5dd8
                                                                                                                      • Opcode Fuzzy Hash: db844a28caeaa96a11fe67ea7a67737329117a7eefba3dc7092fd0c49cbd1f34
                                                                                                                      • Instruction Fuzzy Hash: 5A41B274208381EBD710DB15D9A0B6FFBE6EB85710F18881CF68A97291C331E850CB76
                                                                                                                      Function 00D82030 Relevance: .1, Instructions: 136COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bea5feb231c93c742798a72126522e4b781d7c1dee495dee675264e55a32fbf6
                                                                                                                      • Instruction ID: 649f457f1342519ab8d1d465bca689b610e034457a33bccc66d6cd2c83d3a8e6
                                                                                                                      • Opcode Fuzzy Hash: bea5feb231c93c742798a72126522e4b781d7c1dee495dee675264e55a32fbf6
                                                                                                                      • Instruction Fuzzy Hash: 84410772A183654FD35CDE29849023ABBE2AFC4300F19862EE4D6873D0DAB58945D791
                                                                                                                      Function 00D81E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 33cddb1959519d149408f40d5373c2a60294f369b7e31189ee35f4386d2f0e74
                                                                                                                      • Instruction ID: e2ef3a2afbad27a30c69e6163fdaf5962b67427f7bed53bc269c62ecef5c7d0f
                                                                                                                      • Opcode Fuzzy Hash: 33cddb1959519d149408f40d5373c2a60294f369b7e31189ee35f4386d2f0e74
                                                                                                                      • Instruction Fuzzy Hash: 4A41FF7550C380ABD321AB59C884B2EFBF9FB86354F144D1CF6C497292C376E8198B66
                                                                                                                      Function 00DB8D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2d7e72ae29114c78dbdacb99125c2b7d8edfb3c9e133340d8adc3edb0c882e5f
                                                                                                                      • Instruction ID: 6a4b083ad3ffba88a354762b5f37e74f8e8e27f678a988c43d8442a9237c2dcf
                                                                                                                      • Opcode Fuzzy Hash: 2d7e72ae29114c78dbdacb99125c2b7d8edfb3c9e133340d8adc3edb0c882e5f
                                                                                                                      • Instruction Fuzzy Hash: 3341CF3160C2508FC304EF68C49056EFBEAAF99300F098A2ED4D6D72A1CB74DD01CBA2
                                                                                                                      Function 00D8D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 98de7e7e46a2484abbd4e1045919d8c32936fe61d34293aa6592279a3cd462ca
                                                                                                                      • Instruction ID: be9984522671198c6b507e9dbfd41a813dd484583bad41244d5103b6c8d213ce
                                                                                                                      • Opcode Fuzzy Hash: 98de7e7e46a2484abbd4e1045919d8c32936fe61d34293aa6592279a3cd462ca
                                                                                                                      • Instruction Fuzzy Hash: 99418BB1508382CBD734AF14C881FABB7B1FFA6365F084958E48A8B791E7744941CB63
                                                                                                                      Function 00DAF030 Relevance: .1, Instructions: 104COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                      • Instruction ID: 7142bd10947ab12b4848ece0d97f9844844931660ffbad668e3b9d90a5443734
                                                                                                                      • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                      • Instruction Fuzzy Hash: E52107329082244BC3249B9DC481A3BF7E5EB9A704F0AC67EE9C4A7295E335DC1487F5
                                                                                                                      Function 00DB67EF Relevance: .1, Instructions: 101COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7a033b3a4727a2aa30b3cd73d1943da1eea539818e7cf4b798c0d9a28b903aa4
                                                                                                                      • Instruction ID: d025dfab16664fec0f50def33117817acb06e0aad6c6954bc4c8e660014d67e6
                                                                                                                      • Opcode Fuzzy Hash: 7a033b3a4727a2aa30b3cd73d1943da1eea539818e7cf4b798c0d9a28b903aa4
                                                                                                                      • Instruction Fuzzy Hash: 08312274518382DAE714CF14C490A6FBBF0EF96784F54590CF4C9AB2A1D338D985CBAA
                                                                                                                      Function 00D95E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a41e59a5a2e8192ca483faca9d4f1d0ee2e1504a8e7c75b7c9b960d924038079
                                                                                                                      • Instruction ID: 69130083c8398a87842c15d2dccba922f48c40a6f7223f22d41b4263e149d38f
                                                                                                                      • Opcode Fuzzy Hash: a41e59a5a2e8192ca483faca9d4f1d0ee2e1504a8e7c75b7c9b960d924038079
                                                                                                                      • Instruction Fuzzy Hash: A821DE71408201CBC711AF28D85192BBBF4EF92764F48892CF4D98B296E335CA00CBB3
                                                                                                                      Function 00FCE5B8 Relevance: .1, Instructions: 97COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0ac9ae45571178cfbfe0c3a6a7f655c7b17242df9ee363f490b38631b240486b
                                                                                                                      • Instruction ID: 58fac972df74c3eb17fc5625ca20e862f9ab0f44aa958a467d33de0ee1ad7746
                                                                                                                      • Opcode Fuzzy Hash: 0ac9ae45571178cfbfe0c3a6a7f655c7b17242df9ee363f490b38631b240486b
                                                                                                                      • Instruction Fuzzy Hash: 6831E0B250C2009FE349AF28D88676EFBE5FF58310F06492DE6D5C2614E73598808B97
                                                                                                                      Function 00D749A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                      • Instruction ID: c336396b371a27b03c2ee4b0f9a4057754f85c4a78a4615a50ea8f1c82a7a326
                                                                                                                      • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                      • Instruction Fuzzy Hash: CB31C2316582009BD7129E18D880A2BB7E1EFC4358F58C92DE89E8B251F331DC42CB66
                                                                                                                      Function 00DB64B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7d818073a1aa4b4ff47ff8df9e5925d0e19f3a7c826ad88714b25cb322b04241
                                                                                                                      • Instruction ID: 23944aee7f0c8ef93852a0209c196ab6e999875c55e5f77fa9bc547f7225e732
                                                                                                                      • Opcode Fuzzy Hash: 7d818073a1aa4b4ff47ff8df9e5925d0e19f3a7c826ad88714b25cb322b04241
                                                                                                                      • Instruction Fuzzy Hash: 2B21077450C242DBC705EF19E580A6EB7E5FB95745F18881CE4C693361C739E891CB72
                                                                                                                      Function 00DB5700 Relevance: .1, Instructions: 69COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 82551b28b7e1d8fb0f3ae301fdd45c0ae7c6ea68074f95adcadd39a97cf68127
                                                                                                                      • Instruction ID: 40dc4034ee504e86535deba5c0cf970332f2bb7891d12185aaed1c1bf6a81d44
                                                                                                                      • Opcode Fuzzy Hash: 82551b28b7e1d8fb0f3ae301fdd45c0ae7c6ea68074f95adcadd39a97cf68127
                                                                                                                      • Instruction Fuzzy Hash: 3A118C71918241EBC702AF28E840A5BBBE5EF86710F158828E4C59B311D735D811CBB6
                                                                                                                      Function 00DAB650 Relevance: .1, Instructions: 64COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                      • Instruction ID: baea73ccbaa0ac19ec71273055f8c6526fea5b87750c726fb707778602026254
                                                                                                                      • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                      • Instruction Fuzzy Hash: 06118233A051D84EC7168D3C8440565BFE31AA3635B5D839AE4B89F2D3D722CD8B8365
                                                                                                                      Function 00DA0B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                      • Instruction ID: 784ae308a1fc558e321298e113aaae741378209a06b00213ec601d26542778aa
                                                                                                                      • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                      • Instruction Fuzzy Hash: DF0171F5A103024BE7209E6495D1B3BB6A8AF86718F1C853CE90A57202EB75EC05C6B1
                                                                                                                      Function 00D9D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4292399c6b9f196309529347d8a186e04a36ad27c5d7d29e632a726f7047b8a2
                                                                                                                      • Instruction ID: 28c3dac760eb02a9fae1877bdf2c9dfc5e3a3ce5ccbf16ebf0a05390384e4698
                                                                                                                      • Opcode Fuzzy Hash: 4292399c6b9f196309529347d8a186e04a36ad27c5d7d29e632a726f7047b8a2
                                                                                                                      • Instruction Fuzzy Hash: B411DDB0408380AFD310AF618584A1FFBE5EB96714F148C0DE5A49B251C375D815CB66
                                                                                                                      Function 00D76EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: afee22488cabbec1e9495096dee030ca1bfaf60c5842d2a083af832adeebb488
                                                                                                                      • Instruction ID: 23904f765794c11d543fdff0eebceb526e8dde94d02809f83103c9e9580c8a1a
                                                                                                                      • Opcode Fuzzy Hash: afee22488cabbec1e9495096dee030ca1bfaf60c5842d2a083af832adeebb488
                                                                                                                      • Instruction Fuzzy Hash: 53F02B3A7146094F6210CDAAE880837F396DBC5364B089539EA44C3201FD71E80141B0
                                                                                                                      Function 00DAB8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                      • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                      • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                      • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                      Function 00D8C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                      • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                      • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                      • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                      Function 00D8B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                      • Instruction ID: 6f6d5834aa6117882c901307fc8678500f91db96437fe8c90fd0deb74ce3f692
                                                                                                                      • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                      • Instruction Fuzzy Hash: E9F0A7B160451457DB229A9C9C81F3BBBDCCB8A768F190427E84557103D2615845C3F5
                                                                                                                      Function 00DA8220 Relevance: .0, Instructions: 32COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dc3ba568b911c79f3e9a395fb4d0173e75e7184fafb990ae40bac75d13ef9258
                                                                                                                      • Instruction ID: f70264db7c28ee2f58b8586d6ea141357b62b01e56d7f0d8efe1ccf69c892307
                                                                                                                      • Opcode Fuzzy Hash: dc3ba568b911c79f3e9a395fb4d0173e75e7184fafb990ae40bac75d13ef9258
                                                                                                                      • Instruction Fuzzy Hash: D801E4B04107009FC360EF29C44578BBBE8FB08714F104A1DE8AECB780D770A5448B92
                                                                                                                      Function 00DB1440 Relevance: .0, Instructions: 21COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                      • Instruction ID: ad54b68fdcb4f746349e7b8dcf069ec1a0b36e2bbab2b42205e47bc211e22a77
                                                                                                                      • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                      • Instruction Fuzzy Hash: 8AD0A735608321869F748E19A4109BBF7F0EAC7B11F8D955EF587E3148D230DC41C2B9
                                                                                                                      Function 00D81ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6a670d1a8a2f6c34016e68e6483339ddc8c16948335543a8a2e42cd2e703d769
                                                                                                                      • Instruction ID: 1a0a8f7585bcb4e9ae97c81f8c4122423222659ebf78f4e88515398a9ac1d772
                                                                                                                      • Opcode Fuzzy Hash: 6a670d1a8a2f6c34016e68e6483339ddc8c16948335543a8a2e42cd2e703d769
                                                                                                                      • Instruction Fuzzy Hash: 71C08C38A18302CBC208DF00FCA5832B3BCA307309710703ADA03F3321CA60C4078A29
                                                                                                                      Function 00DB6094 Relevance: .0, Instructions: 12COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 48a3c5d047b6db18e367a942b0a97d847b8b3ddf5d6056d4cca72a17114c466d
                                                                                                                      • Instruction ID: 48c7c05ed5ff3184b06003831ba103dff1d0a666a4f9ee6569709fec9e6a61aa
                                                                                                                      • Opcode Fuzzy Hash: 48a3c5d047b6db18e367a942b0a97d847b8b3ddf5d6056d4cca72a17114c466d
                                                                                                                      • Instruction Fuzzy Hash: 52C04C3465C102C6D148CE09E951975E2679A9B614724F019C84663395C124D912952C
                                                                                                                      Function 00D81A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ebde6c2799302235d983f7a1fc0f69b31c7363bb6a84a848717968520070b2bf
                                                                                                                      • Instruction ID: bebc530c2cb8a6de0adfe5d355931f643e3dfd7444cbd7ad84cbe9dc8665052c
                                                                                                                      • Opcode Fuzzy Hash: ebde6c2799302235d983f7a1fc0f69b31c7363bb6a84a848717968520070b2bf
                                                                                                                      • Instruction Fuzzy Hash: B9C09B34A59244CBC248DF85ECE1432A3FC9307208710353A9743F7361C560D4068619
                                                                                                                      Function 00DB5FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                      Download Yara Rule
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.2115217050.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.2115200802.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000DD0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000000F43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.0000000001054000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000105C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115252934.000000000106C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115535047.000000000106D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115632601.00000000011FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.2115647218.0000000001200000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_d70000_file.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6cc1ceb2d451f48d566eeb519acb38912c53c2f864a547a35eca86bd8813d99a
                                                                                                                      • Instruction ID: 41dc85f15614ded38cde2f183c6e194dd3d28d1b9e6dae2d287e38be61728b32
                                                                                                                      • Opcode Fuzzy Hash: 6cc1ceb2d451f48d566eeb519acb38912c53c2f864a547a35eca86bd8813d99a
                                                                                                                      • Instruction Fuzzy Hash: 99C09224B682028BE24CCF18DD51D35F2BB9B8BA18B14F02DC806E3356D134E912862C