Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1526551
MD5:bdcde8ea7e2b2dc63cce44e50f0a6257
SHA1:e658b3da104ced11c8ec14f24d6669dca4a54987
SHA256:657b7ee6f83be4b24fddd47c8b4194c87311064baf20b09b1fd3812b98aa74ec
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\file.exe" MD5: BDCDE8EA7E2B2DC63CCE44E50F0A6257)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["studennotediw.stor", "dissapoiznw.stor", "clearancek.site", "eaglepawnoy.stor", "mobbipenju.stor", "bathdoomgaz.stor", "spirittunek.stor", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.099670+020020564771Domain Observed Used for C2 Detected192.168.2.6563761.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.036455+020020564711Domain Observed Used for C2 Detected192.168.2.6563761.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.066424+020020564811Domain Observed Used for C2 Detected192.168.2.6553771.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.057708+020020564831Domain Observed Used for C2 Detected192.168.2.6550251.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.121265+020020564731Domain Observed Used for C2 Detected192.168.2.6626661.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.047892+020020564851Domain Observed Used for C2 Detected192.168.2.6584031.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.110607+020020564751Domain Observed Used for C2 Detected192.168.2.6608781.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T09:33:04.086508+020020564791Domain Observed Used for C2 Detected192.168.2.6591341.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.7152.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["studennotediw.stor", "dissapoiznw.stor", "clearancek.site", "eaglepawnoy.stor", "mobbipenju.stor", "bathdoomgaz.stor", "spirittunek.stor", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: https://feelystroll.buzz/Virustotal: Detection: 11%Perma Link
    Source: https://feelystroll.buzz/apiVirustotal: Detection: 12%Perma Link
    Source: https://steamcommunity.com/profiles/76561199724331900/Virustotal: Detection: 6%Perma Link
    Multi AV Scanner detection for submitted file
    Source: file.exeReversingLabs: Detection: 28%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0030D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0030D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_003463B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0034695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_003499D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0030FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00310EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0033F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00316F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00301000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00344040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00346094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0032D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00322260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00322260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_003142FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0030A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_003323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_003323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_003323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_003323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_003323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_003323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0031B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0032E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0032C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0031D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00341440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_003464B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00316536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00347520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00329510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00308590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0032E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0033B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00347710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00345700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0032D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_003467EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_003228E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00343920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0031D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_003049A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00311A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00305A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00344A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00311ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00349B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0031DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0031DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00330B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00313BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00311BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0033FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00327C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0032EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0032AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0032AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00349CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00349CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0032CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0032CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0032CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0032DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0032FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00348D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00314E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00325E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00327E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0032AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0030BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00316EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00306EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00311E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0033FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00329F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00316F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00308FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00345FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0031FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00347FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00347FC0

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:60878 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:55025 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:62666 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:58403 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:55377 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:56376 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:56376 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:59134 -> 1.1.1.1:53
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: studennotediw.stor
    Source: Malware configuration extractorURLs: dissapoiznw.stor
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: eaglepawnoy.stor
    Source: Malware configuration extractorURLs: mobbipenju.stor
    Source: Malware configuration extractorURLs: bathdoomgaz.stor
    Source: Malware configuration extractorURLs: spirittunek.stor
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: feelystroll.buzz
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api
    Source: file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steam0Nl
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000002.2190378454.0000000001325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&l=e
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feelystroll.buzz/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feelystroll.buzz/1
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feelystroll.buzz/api
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feelystroll.buzz/api#
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feelystroll.buzz/i
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feelystroll.buzz/y
    Source: file.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feelystroll.buzz:443/apiofiles/76561199724331900
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store:443/api
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/ki/c
    Source: file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2189376539.0000000001340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.2189376539.0000000001340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/
    Source: file.exe, 00000000.00000003.2189342494.00000000013A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000002.2190378454.0000000001325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steVp
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003102280_2_00310228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003120300_2_00312030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003010000_2_00301000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003440400_2_00344040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0034A0D00_2_0034A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D21710_2_004D2171
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003051600_2_00305160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004CF1300_2_004CF130
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030E1A00_2_0030E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003511840_2_00351184
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003071F00_2_003071F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0054E18D0_2_0054E18D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D72680_2_004D7268
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003012F70_2_003012F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003382D00_2_003382D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003312D00_2_003312D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030A3000_2_0030A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030B3A00_2_0030B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003013A30_2_003013A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003323E00_2_003323E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0032C4700_2_0032C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0031049B0_2_0031049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003144870_2_00314487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003364F00_2_003364F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003035B00_2_003035B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003085900_2_00308590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0031C5F00_2_0031C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0033F6200_2_0033F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003486520_2_00348652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004C16390_2_004C1639
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030164F0_2_0030164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D06C30_2_004D06C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D56F80_2_004D56F8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003486F00_2_003486F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004CB6A90_2_004CB6A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035072B0_2_0035072B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004C67280_2_004C6728
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004C87F90_2_004C87F9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0043C85B0_2_0043C85B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003318600_2_00331860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030A8500_2_0030A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0033E8A00_2_0033E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0033B8C00_2_0033B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004BF9CC0_2_004BF9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003489A00_2_003489A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0032098B0_2_0032098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0037FA350_2_0037FA35
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00344A400_2_00344A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00347AB00_2_00347AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00348A800_2_00348A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0031DB6F0_2_0031DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00307BF00_2_00307BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D3C7B0_2_004D3C7B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00348C020_2_00348C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004C4CC50_2_004C4CC5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00346CBF0_2_00346CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0032CCD00_2_0032CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00460D540_2_00460D54
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0032DD290_2_0032DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0032FD100_2_0032FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00328D620_2_00328D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00314E2A0_2_00314E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00348E700_2_00348E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0032AE570_2_0032AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030BEB00_2_0030BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00316EBF0_2_00316EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030AF100_2_0030AF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00351F6B0_2_00351F6B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00308FD00_2_00308FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00347FC00_2_00347FC0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0030CAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0031D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995616749174917
    Source: file.exeStatic PE information: Section: uimcmjhm ZLIB complexity 0.9943082526540071
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00338220 CoCreateInstance,0_2_00338220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeReversingLabs: Detection: 28%
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1882112 > 1048576
    Source: file.exeStatic PE information: Raw size of uimcmjhm is bigger than: 0x100000 < 0x1a2000

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.300000.0.unpack :EW;.rsrc :W;.idata :W; :EW;uimcmjhm:EW;givvxded:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;uimcmjhm:EW;givvxded:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1d871b should be: 0x1cde92
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: uimcmjhm
    Source: file.exeStatic PE information: section name: givvxded
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005AE0D5 push 599F36ADh; mov dword ptr [esp], edi0_2_005AE0FB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004DC0F5 push 1635FF38h; mov dword ptr [esp], ecx0_2_004DC154
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00576082 push 70726281h; mov dword ptr [esp], ebp0_2_005760AF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00576082 push 7928D4C6h; mov dword ptr [esp], edx0_2_005760E8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00576082 push edi; mov dword ptr [esp], esi0_2_00576109
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00576082 push edi; mov dword ptr [esp], esi0_2_0057617D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004EC096 push edx; mov dword ptr [esp], edi0_2_004EC0AA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004E1158 push eax; mov dword ptr [esp], 3FB7A9E4h0_2_004E111D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005C216E push ebx; mov dword ptr [esp], esp0_2_005C2180
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ebx; mov dword ptr [esp], 00000470h0_2_004D2220
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ecx; mov dword ptr [esp], 51D04900h0_2_004D224F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ebx; mov dword ptr [esp], 5F6ABC44h0_2_004D22AB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push 1238DBA6h; mov dword ptr [esp], edi0_2_004D2394
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ebp; mov dword ptr [esp], 5F017C4Dh0_2_004D23F5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ebp; mov dword ptr [esp], ecx0_2_004D2493
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push 7AA99872h; mov dword ptr [esp], edx0_2_004D2548
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push 03FFAB61h; mov dword ptr [esp], ecx0_2_004D25DF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push esi; mov dword ptr [esp], 7E7F94F1h0_2_004D25E3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push edx; mov dword ptr [esp], ebp0_2_004D25EE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ecx; mov dword ptr [esp], esi0_2_004D26A6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push 7606A6FBh; mov dword ptr [esp], ecx0_2_004D271B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push edx; mov dword ptr [esp], ebp0_2_004D2732
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push 7F38432Fh; mov dword ptr [esp], ecx0_2_004D2796
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ebx; mov dword ptr [esp], ecx0_2_004D27BB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push esi; mov dword ptr [esp], edx0_2_004D2889
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push eax; mov dword ptr [esp], ecx0_2_004D28B7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ebx; mov dword ptr [esp], ecx0_2_004D28CE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push edi; mov dword ptr [esp], eax0_2_004D2949
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push ebp; mov dword ptr [esp], ecx0_2_004D296B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push esi; mov dword ptr [esp], edx0_2_004D2A4F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004D2171 push 7CEFBF5Eh; mov dword ptr [esp], ecx0_2_004D2AA2
    Source: file.exeStatic PE information: section name: entropy: 7.978448333707626
    Source: file.exeStatic PE information: section name: uimcmjhm entropy: 7.9533842941242785

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 363B90 second address: 363B94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 363B94 second address: 363BBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093C1A78h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FBE093C1A66h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 363BBC second address: 363BC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 363BC0 second address: 363BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 363BC6 second address: 363BCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DCEA4 second address: 4DCEB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FBE093C1A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007FBE093C1A66h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CB227 second address: 4CB22D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CB22D second address: 4CB233 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC019 second address: 4DC02B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE08E1478Ah 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC02B second address: 4DC04E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jg 00007FBE093C1A80h 0x0000000d jmp 00007FBE093C1A74h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC460 second address: 4DC468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DC5A3 second address: 4DC5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE093C1A75h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE069 second address: 4DE075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE075 second address: 4DE0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jp 00007FBE093C1A6Ch 0x0000000d or ecx, dword ptr [ebp+122D3928h] 0x00000013 push 00000000h 0x00000015 jmp 00007FBE093C1A6Eh 0x0000001a call 00007FBE093C1A69h 0x0000001f pushad 0x00000020 jnl 00007FBE093C1A68h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE275 second address: 4DE279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE279 second address: 4DE2ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 060CABBEh 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FBE093C1A68h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov dh, cl 0x0000002a push 00000003h 0x0000002c mov dword ptr [ebp+122D1B51h], eax 0x00000032 push 00000000h 0x00000034 call 00007FBE093C1A73h 0x00000039 jmp 00007FBE093C1A71h 0x0000003e pop esi 0x0000003f push 00000003h 0x00000041 and ecx, 2B52D031h 0x00000047 push 980A0FB5h 0x0000004c push eax 0x0000004d push edx 0x0000004e push ecx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE2ED second address: 4DE2F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE2F2 second address: 4DE2FC instructions: 0x00000000 rdtsc 0x00000002 jl 00007FBE093C1A6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE3AA second address: 4DE3AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DE3AF second address: 4DE3FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE093C1A78h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 jno 00007FBE093C1A66h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 push edi 0x0000001a jbe 00007FBE093C1A66h 0x00000020 pop edi 0x00000021 popad 0x00000022 nop 0x00000023 mov edi, ebx 0x00000025 push 00000000h 0x00000027 mov dword ptr [ebp+122D1B28h], edx 0x0000002d push 2238EBB6h 0x00000032 push eax 0x00000033 push edx 0x00000034 push esi 0x00000035 push edi 0x00000036 pop edi 0x00000037 pop esi 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FEE0F second address: 4FEE13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CE771 second address: 4CE777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CE777 second address: 4CE7A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 je 00007FBE08E14786h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FBE08E14791h 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jbe 00007FBE08E14786h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CE7A2 second address: 4CE7F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093C1A6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FBE093C1A6Eh 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FBE093C1A6Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FBE093C1A6Eh 0x0000001c jmp 00007FBE093C1A75h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CE7F4 second address: 4CE7F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CE7F8 second address: 4CE7FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CE7FE second address: 4CE825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FBE08E147A5h 0x0000000c jmp 00007FBE08E14799h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FCDAC second address: 4FCDB7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnp 00007FBE093C1A66h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FCEC5 second address: 4FCEC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FCEC9 second address: 4FCECD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FCFF1 second address: 4FD007 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 popad 0x00000009 jne 00007FBE08E14786h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD007 second address: 4FD00D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD522 second address: 4FD52C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FBE08E14786h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD7E0 second address: 4FD7E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD7E4 second address: 4FD7EA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FD913 second address: 4FD927 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 je 00007FBE093C1A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007FBE093C1A6Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FDBC9 second address: 4FDBCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FDBCF second address: 4FDBD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FDD98 second address: 4FDDAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FBE08E1478Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE525 second address: 4FE52F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FBE093C1A66h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE52F second address: 4FE539 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBE093BFB96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE6A1 second address: 4FE6A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE6A7 second address: 4FE6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE6B2 second address: 4FE6B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE6B6 second address: 4FE6BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE6BC second address: 4FE6D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE093B9283h 0x00000009 jp 00007FBE093B9276h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4FE6D9 second address: 4FE6E3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBE093BFB96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 500DEF second address: 500DF5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 500DF5 second address: 500E00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FBE093BFB96h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 500E00 second address: 500E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE093B9285h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007FBE093B9276h 0x00000012 jmp 00007FBE093B927Ch 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50410E second address: 504112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50531F second address: 505323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 505323 second address: 50533F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FBE093BFBA3h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50533F second address: 505345 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D6D8C second address: 4D6D90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 508C40 second address: 508C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jp 00007FBE093B9276h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50966F second address: 509683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FBE093BFB9Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 509683 second address: 50968F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 js 00007FBE093B9276h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50968F second address: 5096AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BFBA8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5096AB second address: 5096B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50B56F second address: 50B589 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BFBA6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50B589 second address: 50B5AB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnc 00007FBE093B9276h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 6A5F8388h 0x00000013 mov esi, dword ptr [ebp+122D2AD7h] 0x00000019 push 22EFE716h 0x0000001e push ebx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50BBCF second address: 50BBE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BFBA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50BCEA second address: 50BCFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FBE093B9276h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50BCFC second address: 50BD02 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50BD02 second address: 50BD1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE093B9286h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C176 second address: 50C191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE093BFBA7h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C191 second address: 50C20F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093B9284h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jl 00007FBE093B9283h 0x00000013 jmp 00007FBE093B927Dh 0x00000018 jmp 00007FBE093B927Fh 0x0000001d popad 0x0000001e xchg eax, ebx 0x0000001f push 00000000h 0x00000021 push eax 0x00000022 call 00007FBE093B9278h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c add dword ptr [esp+04h], 00000014h 0x00000034 inc eax 0x00000035 push eax 0x00000036 ret 0x00000037 pop eax 0x00000038 ret 0x00000039 or esi, dword ptr [ebp+122D57CBh] 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push esi 0x00000043 jmp 00007FBE093B9287h 0x00000048 pop esi 0x00000049 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C20F second address: 50C215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C215 second address: 50C219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C2A6 second address: 50C2AB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50C66A second address: 50C66E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E227 second address: 50E22B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50E22B second address: 50E240 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBE093B927Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EC26 second address: 50EC8F instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE093BFBAFh 0x00000008 jmp 00007FBE093BFBA9h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007FBE093BFB98h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c xor dword ptr [ebp+122D363Fh], edi 0x00000032 push 00000000h 0x00000034 sub edi, 482AE0FDh 0x0000003a push 00000000h 0x0000003c mov edi, dword ptr [ebp+122D38B5h] 0x00000042 xchg eax, ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jp 00007FBE093BFB96h 0x0000004d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EAA9 second address: 50EAAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EC8F second address: 50EC93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EAAD second address: 50EAB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EC93 second address: 50EC99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EAB3 second address: 50EAC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE093B927Dh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EC99 second address: 50EC9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EAC4 second address: 50EAC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50EC9F second address: 50ECA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50F4EB second address: 50F4F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 50F4F0 second address: 50F4F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 510F70 second address: 510F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jo 00007FBE093B9278h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511199 second address: 5111A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FBE093BFB96h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 510F84 second address: 510F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5111A3 second address: 5111F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BFBA0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c ja 00007FBE093BFBADh 0x00000012 nop 0x00000013 push 00000000h 0x00000015 mov edi, dword ptr [ebp+122D29E8h] 0x0000001b push 00000000h 0x0000001d mov si, D6F7h 0x00000021 stc 0x00000022 push eax 0x00000023 push eax 0x00000024 jng 00007FBE093BFB9Ch 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511CA5 second address: 511CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511CAB second address: 511CAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511A33 second address: 511A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FBE093B9276h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511A3E second address: 511A61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BFBA8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511A61 second address: 511A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511D9D second address: 511DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jnp 00007FBE093BFBA8h 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007FBE093BFB96h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511A65 second address: 511A6F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBE093B9276h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511DB2 second address: 511DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511A6F second address: 511A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FBE093B9276h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5128B2 second address: 5128BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FBE093BFB96h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5128BC second address: 512939 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b jbe 00007FBE093B9276h 0x00000011 jnc 00007FBE093B9276h 0x00000017 popad 0x00000018 pop ebx 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007FBE093B9278h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 movsx esi, ax 0x00000037 mov dword ptr [ebp+122D2A20h], edx 0x0000003d mov esi, dword ptr [ebp+122D1BF0h] 0x00000043 push 00000000h 0x00000045 mov edi, dword ptr [ebp+122D2CEBh] 0x0000004b push 00000000h 0x0000004d push edx 0x0000004e mov dword ptr [ebp+122D3518h], edx 0x00000054 pop edi 0x00000055 xchg eax, ebx 0x00000056 js 00007FBE093B9288h 0x0000005c push ebx 0x0000005d jmp 00007FBE093B9280h 0x00000062 pop ebx 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 jng 00007FBE093B9276h 0x0000006d push eax 0x0000006e pop eax 0x0000006f popad 0x00000070 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 513430 second address: 513434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51320B second address: 51321A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE093B927Ah 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 516D43 second address: 516D47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 516D47 second address: 516D4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 516D4D second address: 516D74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BFB9Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jc 00007FBE093BFBABh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FBE093BFB9Dh 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51A60C second address: 51A630 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093B9285h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jnp 00007FBE093B9276h 0x00000013 pop edi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51C6B0 second address: 51C6B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51C6B4 second address: 51C6CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007FBE093B927Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51DCC8 second address: 51DD0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BFBA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c add dword ptr [ebp+122D365Ch], ecx 0x00000012 mov di, si 0x00000015 push 00000000h 0x00000017 or bl, 00000079h 0x0000001a push 00000000h 0x0000001c pushad 0x0000001d mov dword ptr [ebp+122D1B63h], edx 0x00000023 stc 0x00000024 popad 0x00000025 push eax 0x00000026 jnp 00007FBE093BFBA0h 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51CE4D second address: 51CE51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51CF2E second address: 51CF33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51EDE9 second address: 51EDEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51DE17 second address: 51DE1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51EDEF second address: 51EE6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FBE093B9278h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 jg 00007FBE093B927Ch 0x00000029 and bx, 3C7Fh 0x0000002e push 00000000h 0x00000030 mov di, bx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007FBE093B9278h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f mov di, 6817h 0x00000053 xchg eax, esi 0x00000054 jmp 00007FBE093B927Fh 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f pop eax 0x00000060 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51DE1D second address: 51DE2F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jng 00007FBE093BFBB1h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51EE6E second address: 51EE74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 520E2F second address: 520E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51F093 second address: 51F099 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51F099 second address: 51F09D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5214D9 second address: 5214DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52176E second address: 521772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 521772 second address: 52179B instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE093B9276h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007FBE093B9286h 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5233DD second address: 52341B instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE093BFB96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FBE093BFBA0h 0x00000010 nop 0x00000011 ja 00007FBE093BFB99h 0x00000017 push 00000000h 0x00000019 or dword ptr [ebp+122D1BF0h], edx 0x0000001f push 00000000h 0x00000021 adc bx, 48D2h 0x00000026 xchg eax, esi 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a jg 00007FBE093BFB96h 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52341B second address: 52343F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FBE093BE2B6h 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 525714 second address: 52579F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jmp 00007FBE0900455Fh 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007FBE09004558h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 or bx, 40DAh 0x0000002b mov dword ptr [ebp+122D3453h], edx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007FBE09004558h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 00000018h 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d push 00000000h 0x0000004f mov edi, 2BCB2422h 0x00000054 push eax 0x00000055 pushad 0x00000056 jp 00007FBE09004567h 0x0000005c jmp 00007FBE09004561h 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 popad 0x00000065 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52466D second address: 524673 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 524673 second address: 524682 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE0900455Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 523518 second address: 523547 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FBE093BE2B8h 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FBE093BE2AAh 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 526683 second address: 526687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 523547 second address: 5235DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FBE093BE2A8h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push dword ptr fs:[00000000h] 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007FBE093BE2A8h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 or dword ptr [ebp+122D29BEh], edi 0x0000004c mov dword ptr fs:[00000000h], esp 0x00000053 mov dword ptr [ebp+12456B07h], ecx 0x00000059 mov eax, dword ptr [ebp+122D155Dh] 0x0000005f mov dword ptr [ebp+122D29B4h], ebx 0x00000065 push FFFFFFFFh 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a jnl 00007FBE093BE2ACh 0x00000070 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52671B second address: 52672A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FBE09004556h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C62A2 second address: 4C62A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 526913 second address: 526942 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE0900456Fh 0x00000008 jmp 00007FBE09004569h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jne 00007FBE09004556h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C62A7 second address: 4C62AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 526942 second address: 526947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 526947 second address: 52694D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52694D second address: 526951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 528B31 second address: 528B8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a call 00007FBE093BE2ADh 0x0000000f movzx edi, di 0x00000012 pop ebx 0x00000013 push 00000000h 0x00000015 mov edi, dword ptr [ebp+122D34E5h] 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 call 00007FBE093BE2A8h 0x00000025 pop eax 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a add dword ptr [esp+04h], 0000001Ah 0x00000032 inc eax 0x00000033 push eax 0x00000034 ret 0x00000035 pop eax 0x00000036 ret 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 528B8C second address: 528B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 528B90 second address: 528B96 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 529B6B second address: 529C03 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FBE09004565h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov edi, 01E10859h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007FBE09004558h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d sub dword ptr [ebp+1247CD72h], ecx 0x00000033 jmp 00007FBE0900455Dh 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ecx 0x0000003d call 00007FBE09004558h 0x00000042 pop ecx 0x00000043 mov dword ptr [esp+04h], ecx 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc ecx 0x00000050 push ecx 0x00000051 ret 0x00000052 pop ecx 0x00000053 ret 0x00000054 push ebx 0x00000055 jbe 00007FBE0900455Bh 0x0000005b mov ebx, 05DF6DA8h 0x00000060 pop ebx 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push esi 0x00000065 jmp 00007FBE0900455Dh 0x0000006a pop esi 0x0000006b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 528DB9 second address: 528DBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52AD05 second address: 52AD1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE09004560h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 531293 second address: 5312B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE093BE2B8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5343E4 second address: 5343EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 534699 second address: 53469D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53469D second address: 5346A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5346A7 second address: 5346B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FBE093BE2A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537B2D second address: 537B37 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE09004556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537B37 second address: 537B51 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 537B51 second address: 537B81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FBE0900455Ah 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FBE09004568h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53A352 second address: 53A365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jc 00007FBE093BE2A6h 0x0000000c jng 00007FBE093BE2A6h 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53A365 second address: 53A37D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FBE09004562h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53A37D second address: 53A381 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 53B9C3 second address: 53B9E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE09004568h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FBE09004556h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5414AA second address: 5414B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D3771 second address: 4D3775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D3775 second address: 4D37B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2AAh 0x00000007 jmp 00007FBE093BE2B3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FBE093BE2B9h 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D37B7 second address: 4D37BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D37BB second address: 4D37C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D37C7 second address: 4D37CD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540798 second address: 54079E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54079E second address: 5407A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5407A3 second address: 5407E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e jg 00007FBE093BE2A6h 0x00000014 jmp 00007FBE093BE2AFh 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b popad 0x0000001c jmp 00007FBE093BE2AEh 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540AD5 second address: 540ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540D89 second address: 540D98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE093BE2ABh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540D98 second address: 540D9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540D9C second address: 540DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBE093BE2B3h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540DBA second address: 540DCA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FBE09004556h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 540DCA second address: 540DE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FBE093BE2ACh 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5412E8 second address: 5412EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5412EC second address: 541312 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBE093BE2BCh 0x00000008 jnp 00007FBE093BE2A6h 0x0000000e jmp 00007FBE093BE2B0h 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007FBE093BE2A6h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5440FD second address: 544101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 544101 second address: 54410C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54410C second address: 544111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 544111 second address: 54411C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FBE093BE2A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547462 second address: 547466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547466 second address: 547472 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FBE093BE2A6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5145A9 second address: 5145AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5145AE second address: 514646 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBE093BE2ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FBE093BE2A8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 jmp 00007FBE093BE2B0h 0x0000002c call 00007FBE093BE2B6h 0x00000031 mov dx, di 0x00000034 pop edx 0x00000035 lea eax, dword ptr [ebp+124842C5h] 0x0000003b push 00000000h 0x0000003d push edi 0x0000003e call 00007FBE093BE2A8h 0x00000043 pop edi 0x00000044 mov dword ptr [esp+04h], edi 0x00000048 add dword ptr [esp+04h], 0000001Ch 0x00000050 inc edi 0x00000051 push edi 0x00000052 ret 0x00000053 pop edi 0x00000054 ret 0x00000055 push eax 0x00000056 jbe 00007FBE093BE2B0h 0x0000005c pushad 0x0000005d push esi 0x0000005e pop esi 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 514AB9 second address: 363B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FBE0900455Ch 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FBE09004563h 0x00000011 nop 0x00000012 sub edi, 4D13E20Ch 0x00000018 push dword ptr [ebp+122D0525h] 0x0000001e or dword ptr [ebp+122D1DEEh], edi 0x00000024 call dword ptr [ebp+122D3A57h] 0x0000002a pushad 0x0000002b or dword ptr [ebp+122D32BFh], edx 0x00000031 jmp 00007FBE09004561h 0x00000036 xor eax, eax 0x00000038 jng 00007FBE0900455Dh 0x0000003e xor dword ptr [ebp+122D3958h], edi 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 jl 00007FBE09004557h 0x0000004e mov dword ptr [ebp+122D2DCBh], eax 0x00000054 sub dword ptr [ebp+122D32BFh], edx 0x0000005a mov esi, 0000003Ch 0x0000005f pushad 0x00000060 mov edi, 370E3A00h 0x00000065 mov bx, dx 0x00000068 popad 0x00000069 add esi, dword ptr [esp+24h] 0x0000006d clc 0x0000006e mov dword ptr [ebp+122D1BEBh], eax 0x00000074 lodsw 0x00000076 add dword ptr [ebp+122D32BFh], eax 0x0000007c add eax, dword ptr [esp+24h] 0x00000080 jns 00007FBE09004560h 0x00000086 mov ebx, dword ptr [esp+24h] 0x0000008a jmp 00007FBE0900455Ch 0x0000008f nop 0x00000090 push ecx 0x00000091 push eax 0x00000092 push edx 0x00000093 push eax 0x00000094 push edx 0x00000095 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 514B6B second address: 514B7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE093BE2ABh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 514B7A second address: 363B90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE09004569h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f sub dword ptr [ebp+122D384Ah], edi 0x00000015 jne 00007FBE0900455Bh 0x0000001b popad 0x0000001c push dword ptr [ebp+122D0525h] 0x00000022 call 00007FBE09004560h 0x00000027 mov cx, bx 0x0000002a pop edi 0x0000002b jns 00007FBE09004559h 0x00000031 call dword ptr [ebp+122D3A57h] 0x00000037 pushad 0x00000038 or dword ptr [ebp+122D32BFh], edx 0x0000003e jmp 00007FBE09004561h 0x00000043 xor eax, eax 0x00000045 jng 00007FBE0900455Dh 0x0000004b xor dword ptr [ebp+122D3958h], edi 0x00000051 mov edx, dword ptr [esp+28h] 0x00000055 jl 00007FBE09004557h 0x0000005b stc 0x0000005c mov dword ptr [ebp+122D2DCBh], eax 0x00000062 sub dword ptr [ebp+122D32BFh], edx 0x00000068 mov esi, 0000003Ch 0x0000006d pushad 0x0000006e mov edi, 370E3A00h 0x00000073 mov bx, dx 0x00000076 popad 0x00000077 add esi, dword ptr [esp+24h] 0x0000007b clc 0x0000007c mov dword ptr [ebp+122D1BEBh], eax 0x00000082 lodsw 0x00000084 add dword ptr [ebp+122D32BFh], eax 0x0000008a add eax, dword ptr [esp+24h] 0x0000008e jns 00007FBE09004560h 0x00000094 mov ebx, dword ptr [esp+24h] 0x00000098 jmp 00007FBE0900455Ch 0x0000009d nop 0x0000009e push ecx 0x0000009f push eax 0x000000a0 push edx 0x000000a1 push eax 0x000000a2 push edx 0x000000a3 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 514CC7 second address: 514CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 clc 0x00000008 mov dword ptr [ebp+122D362Dh], edx 0x0000000e call 00007FBE093BE2A9h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jns 00007FBE093BE2A6h 0x0000001c jnc 00007FBE093BE2A6h 0x00000022 popad 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 514CEE second address: 514CF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 514CF5 second address: 514D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FBE093BE2B9h 0x0000000e jmp 00007FBE093BE2B8h 0x00000013 popad 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 jmp 00007FBE093BE2B4h 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 514FFF second address: 515005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5151C9 second address: 5151D7 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE093BE2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 515559 second address: 51555F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51555F second address: 51557A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51557A second address: 515585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FBE09004556h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 515991 second address: 515995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 515995 second address: 51599B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51599B second address: 5159A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547767 second address: 54776C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547A21 second address: 547A27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547A27 second address: 547A33 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547A33 second address: 547A37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547A37 second address: 547A3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547A3B second address: 547A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547D0C second address: 547D16 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBE09004556h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 547D16 second address: 547D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54C89B second address: 54C89F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54C89F second address: 54C8B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54C8B4 second address: 54C8D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FBE09004556h 0x0000000a jmp 00007FBE09004566h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54C8D4 second address: 54C8E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jg 00007FBE093BE2A6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54CBB9 second address: 54CBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54CBBD second address: 54CBD4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jns 00007FBE093BE2A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jno 00007FBE093BE2A6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54CBD4 second address: 54CBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push edx 0x0000000e jl 00007FBE09004556h 0x00000014 pop edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D0DA second address: 54D0E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D0E0 second address: 54D100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE0900455Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE0900455Ah 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D100 second address: 54D106 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D106 second address: 54D10E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D10E second address: 54D12C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBE093BE2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jns 00007FBE093BE2A6h 0x00000011 jbe 00007FBE093BE2A6h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D2E3 second address: 54D2E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D2E9 second address: 54D306 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FBE093BE2B5h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D306 second address: 54D310 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBE09004556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D310 second address: 54D324 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBE093BE2A8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FBE093BE2A6h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D324 second address: 54D328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D497 second address: 54D4BF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FBE093BE2A6h 0x00000008 jmp 00007FBE093BE2AAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FBE093BE2B4h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D4BF second address: 54D4DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE09004566h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D4DB second address: 54D50B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FBE093BE2ABh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jbe 00007FBE093BE2B2h 0x00000016 jnl 00007FBE093BE2A6h 0x0000001c jbe 00007FBE093BE2A6h 0x00000022 jbe 00007FBE093BE2AEh 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54D80E second address: 54D841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FBE09004556h 0x0000000a jmp 00007FBE0900455Dh 0x0000000f popad 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007FBE0900455Ch 0x00000019 jno 00007FBE09004556h 0x0000001f jmp 00007FBE0900455Ch 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55220A second address: 552234 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBE093BE2AEh 0x00000008 pushad 0x00000009 jmp 00007FBE093BE2B5h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5523FD second address: 552413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE09004562h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552413 second address: 552424 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 js 00007FBE093BE2A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552424 second address: 552429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552A9D second address: 552AA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 551F54 second address: 551F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jo 00007FBE09004556h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552EDC second address: 552EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FBE093BE2A6h 0x0000000a pop ebx 0x0000000b jnc 00007FBE093BE2B2h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 552EFF second address: 552F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A865 second address: 55A86B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A86B second address: 55A880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FBE0900455Fh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A419 second address: 55A456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FBE093BE2B8h 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e popad 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007FBE093BE2A6h 0x00000018 jmp 00007FBE093BE2B2h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A456 second address: 55A45A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A5AC second address: 55A5B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A5B2 second address: 55A5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55A5B7 second address: 55A5C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FBE093BE2A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D6E3 second address: 55D703 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE09004562h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FBE09004556h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D703 second address: 55D707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D707 second address: 55D70B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D0F2 second address: 55D0F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D252 second address: 55D266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBE0900455Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D3DA second address: 55D3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 55D3E0 second address: 55D3E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C116C second address: 4C1196 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FBE093BE2AFh 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C1196 second address: 4C11A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C11A3 second address: 4C11A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562C90 second address: 562C94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562C94 second address: 562CB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562CB3 second address: 562CB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562CB9 second address: 562CBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562CBD second address: 562CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562CC8 second address: 562CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562CCE second address: 562CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562CD7 second address: 562CDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 562FAB second address: 562FE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jnl 00007FBE09004556h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pop eax 0x00000011 pushad 0x00000012 jnc 00007FBE0900455Ah 0x00000018 push eax 0x00000019 pop eax 0x0000001a push edx 0x0000001b pop edx 0x0000001c push esi 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007FBE09004566h 0x00000024 pop esi 0x00000025 push ebx 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56356E second address: 56358D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FBE093BE2B6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56358D second address: 5635E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 jmp 00007FBE09004563h 0x0000000e popad 0x0000000f pushad 0x00000010 push esi 0x00000011 jmp 00007FBE09004569h 0x00000016 pop esi 0x00000017 push ebx 0x00000018 jmp 00007FBE09004568h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5635E1 second address: 56360B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FBE093BE2B4h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 jo 00007FBE093BE2A6h 0x00000017 push esi 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 568DF2 second address: 568E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FBE09004556h 0x0000000a jng 00007FBE09004556h 0x00000010 popad 0x00000011 jmp 00007FBE09004564h 0x00000016 push eax 0x00000017 push edx 0x00000018 jne 00007FBE09004556h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 568E21 second address: 568E25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 568540 second address: 568546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 568546 second address: 568572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FBE093BE2B6h 0x0000000b jmp 00007FBE093BE2AEh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 568572 second address: 56857B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56857B second address: 56857F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56857F second address: 5685A1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBE09004556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE09004564h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56E718 second address: 56E724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FBE093BE2A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D1E4 second address: 56D1E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D36F second address: 56D37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FBE093BE2A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D37B second address: 56D385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D385 second address: 56D38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D4AB second address: 56D4B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D4B1 second address: 56D4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FBE093BE2A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D4BB second address: 56D4CD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBE09004556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D4CD second address: 56D4D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D4D3 second address: 56D4DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FBE09004556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56D4DD second address: 56D4E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5153CA second address: 5153CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5153CF second address: 515410 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBE093BE2A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FBE093BE2AFh 0x00000010 nop 0x00000011 sub edx, 4AC11B37h 0x00000017 mov dx, 49C1h 0x0000001b mov ebx, dword ptr [ebp+12484304h] 0x00000021 mov dword ptr [ebp+122D1B63h], esi 0x00000027 add eax, ebx 0x00000029 push eax 0x0000002a jl 00007FBE093BE2B0h 0x00000030 pushad 0x00000031 push ebx 0x00000032 pop ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56E44E second address: 56E454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 56E454 second address: 56E463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE093BE2ABh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 574AB1 second address: 574AB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 574F67 second address: 574F6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 575840 second address: 57585D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE0900455Fh 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57585D second address: 575861 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 575861 second address: 575876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE0900455Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 575876 second address: 57587A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57587A second address: 575896 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE09004566h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 575896 second address: 5758AA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007FBE093BE2A6h 0x0000000b pop ebx 0x0000000c jnl 00007FBE093BE2ACh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57676C second address: 576772 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 576772 second address: 576781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 576781 second address: 5767A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jns 00007FBE09004556h 0x0000000c push esi 0x0000000d pop esi 0x0000000e jmp 00007FBE0900455Fh 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 js 00007FBE09004556h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57EE5D second address: 57EE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE093BE2ADh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E33D second address: 57E371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FBE09004556h 0x0000000a jmp 00007FBE0900455Ch 0x0000000f jmp 00007FBE09004565h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jnp 00007FBE09004556h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E371 second address: 57E385 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E4CC second address: 57E50B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FBE0900455Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push esi 0x00000011 jo 00007FBE09004556h 0x00000017 pop esi 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007FBE09004560h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 je 00007FBE0900455Eh 0x0000002c push ebx 0x0000002d pop ebx 0x0000002e jnl 00007FBE09004556h 0x00000034 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E678 second address: 57E67C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E67C second address: 57E681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E7B6 second address: 57E7BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E8DD second address: 57E8F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FBE0900455Eh 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E8F3 second address: 57E8FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 57E8FE second address: 57E904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5865F5 second address: 5865F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5865F9 second address: 5865FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5865FF second address: 586605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 586605 second address: 58661B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBE09004558h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007FBE09004558h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5847FA second address: 584807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jp 00007FBE093BE2A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 584807 second address: 584814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FBE0900455Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58497F second address: 584983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 584983 second address: 584991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FBE0900455Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 584991 second address: 584995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 584995 second address: 5849BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FBE09004568h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5849BD second address: 5849C2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 584C56 second address: 584C73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE09004567h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 58536D second address: 585377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FBE093BE2A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 585377 second address: 585394 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jmp 00007FBE0900455Ah 0x0000000f pop ecx 0x00000010 push eax 0x00000011 jno 00007FBE09004556h 0x00000017 pop eax 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 585394 second address: 585399 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 590DFA second address: 590E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 590E03 second address: 590E07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C2C70 second address: 4C2C9F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBE09004556h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FBE09004568h 0x00000014 jnc 00007FBE09004556h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C2C9F second address: 4C2CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C2CA7 second address: 4C2CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FBE09004556h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C2CB8 second address: 4C2CBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59DC66 second address: 59DC87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jc 00007FBE09004562h 0x0000000b popad 0x0000000c jo 00007FBE0900457Fh 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 59DE2C second address: 59DE30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A19AF second address: 5A19B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A19B3 second address: 5A19DF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 jmp 00007FBE093BE2ACh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ecx 0x0000000e jmp 00007FBE093BE2B3h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A19DF second address: 5A19E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A1391 second address: 5A1397 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A1397 second address: 5A13AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE0900455Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A1514 second address: 5A153A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBE093BE2A6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push edx 0x0000000e jno 00007FBE093BE2B2h 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8EDC second address: 5A8EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jmp 00007FBE0900455Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8EF0 second address: 5A8EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8EFC second address: 5A8F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8F00 second address: 5A8F04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8F04 second address: 5A8F11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8F11 second address: 5A8F16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8F16 second address: 5A8F1B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5A8D82 second address: 5A8D93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE093BE2ADh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B15C4 second address: 5B15C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B15C8 second address: 5B15CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B3C6E second address: 5B3C7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FBE09004556h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B3C7A second address: 5B3C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B3C7E second address: 5B3C82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B52FD second address: 5B5303 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B7620 second address: 5B762A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FBE09004556h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B762A second address: 5B763D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B763D second address: 5B765B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBE09004569h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5B765B second address: 5B7660 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC405 second address: 5BC40B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC40B second address: 5BC40F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC581 second address: 5BC5B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE09004560h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007FBE09004572h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC5B9 second address: 5BC5D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FBE093BE2B1h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC5D0 second address: 5BC5D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC72C second address: 5BC732 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC732 second address: 5BC73E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC73E second address: 5BC742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BC8C3 second address: 5BC904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 jl 00007FBE09004556h 0x0000000e pop edi 0x0000000f jmp 00007FBE09004569h 0x00000014 pushad 0x00000015 jmp 00007FBE09004566h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BCA8B second address: 5BCAAC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jl 00007FBE093BE2A6h 0x00000009 jmp 00007FBE093BE2AFh 0x0000000e pop ecx 0x0000000f jo 00007FBE093BE2ACh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BCDDC second address: 5BCDE2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BCDE2 second address: 5BCDF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FBE093BE2AEh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BD99F second address: 5BD9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5BD9AA second address: 5BD9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C13E6 second address: 5C13F7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FBE0900455Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C13F7 second address: 5C1403 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE093BE2AEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5C1403 second address: 5C140B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5CAFDA second address: 5CAFDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF413 second address: 5DF43D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE09004567h 0x00000009 jmp 00007FBE0900455Fh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF43D second address: 5DF45C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF45C second address: 5DF462 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF462 second address: 5DF46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF46F second address: 5DF473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF473 second address: 5DF4AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007FBE093BE2A6h 0x00000011 jmp 00007FBE093BE2B6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E1042 second address: 5E1048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E1048 second address: 5E105D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBE093BE2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jbe 00007FBE093BE2A6h 0x00000011 pop esi 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9DD4 second address: 5F9DDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9DDA second address: 5F9DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9DE0 second address: 5F9DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE09004564h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9DFA second address: 5F9E24 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBE093BE2A6h 0x00000008 jmp 00007FBE093BE2B5h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jl 00007FBE093BE2A6h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9E24 second address: 5F9E2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9E2E second address: 5F9E41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE093BE2AFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5F9E41 second address: 5F9E60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE09004561h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FBE09004556h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA001 second address: 5FA01C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B0h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA01C second address: 5FA03C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FBE09004569h 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA03C second address: 5FA042 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA042 second address: 5FA046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA1D9 second address: 5FA1DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA1DE second address: 5FA1F9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBE09004565h 0x00000008 jmp 00007FBE0900455Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA1F9 second address: 5FA217 instructions: 0x00000000 rdtsc 0x00000002 js 00007FBE093BE2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FBE093BE2ACh 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA5E3 second address: 5FA5E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA5E7 second address: 5FA5FF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007FBE093BE2A6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007FBE093BE2A8h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA5FF second address: 5FA619 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FBE09004565h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA79B second address: 5FA7A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA7A1 second address: 5FA7B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FBE0900455Eh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FA7B7 second address: 5FA7D0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBE093BE2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FBE093BE2ACh 0x00000013 js 00007FBE093BE2A6h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FEF6A second address: 5FEF71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF2D8 second address: 5FF2DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF2DE second address: 5FF2E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF2E2 second address: 5FF2F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FBE093BE2A6h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF2F8 second address: 5FF2FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF2FC second address: 5FF302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF302 second address: 5FF308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF535 second address: 5FF565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 sub edx, dword ptr [ebp+122D2D8Fh] 0x0000000c sbb edx, 71100ADBh 0x00000012 push dword ptr [ebp+1244D39Eh] 0x00000018 mov edx, dword ptr [ebp+122D1A00h] 0x0000001e push 25A54E9Dh 0x00000023 pushad 0x00000024 push eax 0x00000025 pushad 0x00000026 popad 0x00000027 pop eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jg 00007FBE093BE2A6h 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5FF565 second address: 5FF569 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60096D second address: 600971 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 600971 second address: 60098C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FBE09004561h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60281A second address: 60281E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511003C second address: 5110077 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FBE09004560h 0x00000008 sub eax, 062FA1B8h 0x0000000e jmp 00007FBE0900455Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov esi, 01B275EFh 0x0000001b popad 0x0000001c mov ecx, dword ptr [eax+00000FDCh] 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov ecx, edx 0x00000027 push ebx 0x00000028 pop ecx 0x00000029 popad 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5110077 second address: 5110086 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE093BE2ABh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5110086 second address: 511008A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511008A second address: 51100E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, ecx 0x0000000a pushad 0x0000000b mov bh, 77h 0x0000000d push esi 0x0000000e pushfd 0x0000000f jmp 00007FBE093BE2B3h 0x00000014 add esi, 3045BD8Eh 0x0000001a jmp 00007FBE093BE2B9h 0x0000001f popfd 0x00000020 pop ecx 0x00000021 popad 0x00000022 jns 00007FBE093BE314h 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FBE093BE2AAh 0x0000002f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 51100E0 second address: 511014E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FBE0900455Fh 0x00000014 adc eax, 583AA84Eh 0x0000001a jmp 00007FBE09004569h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FBE09004560h 0x00000026 adc ecx, 605C24C8h 0x0000002c jmp 00007FBE0900455Bh 0x00000031 popfd 0x00000032 popad 0x00000033 mov eax, dword ptr [eax+00000860h] 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 511014E second address: 5110169 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE093BE2B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5110169 second address: 5110217 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FBE0900455Fh 0x00000009 add ecx, 01CE706Eh 0x0000000f jmp 00007FBE09004569h 0x00000014 popfd 0x00000015 mov eax, 747B0DF7h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d test eax, eax 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FBE09004568h 0x00000026 jmp 00007FBE09004565h 0x0000002b popfd 0x0000002c pushfd 0x0000002d jmp 00007FBE09004560h 0x00000032 sbb eax, 051DD978h 0x00000038 jmp 00007FBE0900455Bh 0x0000003d popfd 0x0000003e popad 0x0000003f je 00007FBE7A82B0BBh 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FBE09004565h 0x0000004c rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 363BDB instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 3614E6 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 52D8DA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 363B07 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 363B01 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 592DFC instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 5060Thread sleep time: -60000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.2190498715.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190378454.00000000012EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000134F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2190498715.000000000134F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000134F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
    Source: file.exe, 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00345BB0 LdrInitializeThunk,0_2_00345BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, file.exe, 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: {Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe29%ReversingLabs
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    eaglepawnoy.store1%VirustotalBrowse
    spirittunek.store1%VirustotalBrowse
    licendfilteo.site1%VirustotalBrowse
    mobbipenju.store1%VirustotalBrowse
    feelystroll.buzz3%VirustotalBrowse
    dissapoiznw.store1%VirustotalBrowse
    clearancek.site1%VirustotalBrowse
    bathdoomgaz.store1%VirustotalBrowse
    studennotediw.store1%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://www.youtube.com0%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a0%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    https://feelystroll.buzz/12%VirustotalBrowse
    https://feelystroll.buzz/11%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    https://feelystroll.buzz/api12%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://steamcommunity.com/profiles/76561199724331900/6%VirustotalBrowse
    https://feelystroll.buzz/i3%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%VirustotalBrowse
    https://steamcommunity.com/discussions/0%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&amp;l=e0%VirustotalBrowse
    https://steamcommunity.com/market/0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalseunknown
    feelystroll.buzz
    		unknown
    		unknownfalseunknown
    eaglepawnoy.store
    		unknown
    		unknownfalseunknown
    bathdoomgaz.store
    		unknown
    		unknownfalseunknown
    spirittunek.store
    		unknown
    		unknownfalseunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknownfalseunknown
    mobbipenju.store
    		unknown
    		unknownfalseunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknownfalseunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    studennotediw.stortrue
      		unknown
      mobbipenju.stortrue
        		unknown
        https://steamcommunity.com/profiles/76561199724331900true
        • URL Reputation: malware
        		unknown
        bathdoomgaz.stortrue
          		unknown
          dissapoiznw.stortrue
            		unknown
            spirittunek.stortrue
              		unknown
              eaglepawnoy.stortrue
                		unknown
                clearancek.sitetrue
                  		unknown
                  licendfilteo.sitetrue
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://player.vimeo.comfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                    https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://steamcommunity.com/ki/cfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.youtube.comfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.google.comfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://s.ytimg.com;file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://steam.tv/file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://feelystroll.buzz:443/apiofiles/76561199724331900file.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://feelystroll.buzz/file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steam0Nlfile.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://sketchfab.comfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://lv.queniujq.cnfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000002.2190378454.0000000001325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmptrue
                            • URL Reputation: malware
                            		unknown
                            https://www.youtube.com/file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AB000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.google.com/recaptcha/file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://checkout.steampowered.com/file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://feelystroll.buzz/1file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/;file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/about/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://feelystroll.buzz/apifile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900/file.exe, 00000000.00000003.2189376539.0000000001340000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001340000.00000004.00000020.00020000.00000000.sdmptrueunknown
                            https://help.steampowered.com/en/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://steamcommunity.com/market/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://store.steampowered.com/news/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://feelystroll.buzz/ifile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&amp;l=efile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://store.steampowered.com/stats/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://medal.tvfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://feelystroll.buzz/yfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000002.2190378454.0000000001325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://clearancek.site:443/apifile.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTzfile.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://login.steampowered.com/file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://store.steampowered.com/legal/file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://recaptcha.netfile.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://store.steampowered.com/file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://mobbipenju.store:443/apifile.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://127.0.0.1:27060file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://feelystroll.buzz/api#file.exe, 00000000.00000003.2189376539.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://spirittunek.store:443/apifile.exe, 00000000.00000002.2190498715.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189376539.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://store.steVpfile.exe, 00000000.00000002.2190652504.00000000013AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189342494.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://help.steampowered.com/file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://api.steampowered.com/file.exe, 00000000.00000002.2190498715.0000000001372000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2189376539.0000000001328000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2190695378.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2189322825.00000000013B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    104.102.49.254
                                                    		steamcommunity.comUnited States
                                                    		16625AKAMAI-ASUSfalse

                                                    General Information

                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1526551
                                                    Start date and time:2024-10-06 09:32:07 +02:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 4m 49s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:6
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:file.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.evad.winEXE@1/0@10/1
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:Failed
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    03:33:03API Interceptor2x Sleep call for process: file.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                    • www.valvesoftware.com/legal.htm

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    https://blmphilly.com/Get hashmaliciousUnknownBrowse
                                                    • 2.19.126.150

                                                    JA3 Fingerprints

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    No created / dropped files found

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Entropy (8bit):7.946833881966706
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:file.exe
                                                    File size:1'882'112 bytes
                                                    MD5:bdcde8ea7e2b2dc63cce44e50f0a6257
                                                    SHA1:e658b3da104ced11c8ec14f24d6669dca4a54987
                                                    SHA256:657b7ee6f83be4b24fddd47c8b4194c87311064baf20b09b1fd3812b98aa74ec
                                                    SHA512:291641ba5a9b74e883b6c740ea87fd061f1fa02f02dcad1fe06bc119c9e46b23c0b63f43f3ea8d75f19f87e18f499cfe4c3b2779081bd367497207a58635c64d
                                                    SSDEEP:49152:gRLX4KgfpyBjBEFgF3GloVxxLRNfV4mKj:gRLI/fpAtEFgh7VjK
                                                    TLSH:FA95334A4D0BF0F9CDACE47DEF93D40B385EA78211C4D8B621D2E316F646B119AA7316
                                                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................J...........@.......................... K...........@.................................W...k..

                                                    File Icon

                                                    Icon Hash:00928e8e8686b000

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x8af000
                                                    Entrypoint Section:.taggant
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:6
                                                    OS Version Minor:0
                                                    File Version Major:6
                                                    File Version Minor:0
                                                    Subsystem Version Major:6
                                                    Subsystem Version Minor:0
                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp 00007FBE08ED18DAh
                                                    setbe byte ptr [eax+eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    jmp 00007FBE08ED38D5h
                                                    add byte ptr [ebx], cl
                                                    or al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], dh
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], cl
                                                    add byte ptr [eax], 00000000h
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    or ecx, dword ptr [edx]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    xor byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    sub byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    push es
                                                    add byte ptr [eax], 00000000h
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    or ecx, dword ptr [edx]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add cl, byte ptr [edx]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    or byte ptr [eax+00000000h], al
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    or ecx, dword ptr [edx]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    xor byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add dword ptr [eax], eax
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add dword ptr [eax+00000000h], eax
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    0x10000x5d0000x25e007b95056c94e231a89cad2c7ef2d4fc98False0.9995616749174917data7.978448333707626IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    0x600000x2ac0000x2006d05ef4667f922ed946054b438ee33faunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    uimcmjhm0x30c0000x1a20000x1a20004f27bc8a8a74be5c377c4694b164f4d3False0.9943082526540071data7.9533842941242785IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    givvxded0x4ae0000x10000x40036873f4edce74278619b86bcd12e4529False0.7880859375data6.201834418077947IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .taggant0x4af0000x30000x220078ccf61648e42c8f29e12025d3e2e9eaFalse0.064453125DOS executable (COM)0.7774908975605115IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                    Imports

                                                    DLLImport
                                                    kernel32.dlllstrcpy

                                                    Network Behavior

                                                    Suricata IDS Alerts

                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                    2024-10-06T09:33:04.036455+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6563761.1.1.153UDP
                                                    2024-10-06T09:33:04.047892+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6584031.1.1.153UDP
                                                    2024-10-06T09:33:04.057708+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6550251.1.1.153UDP
                                                    2024-10-06T09:33:04.066424+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6553771.1.1.153UDP
                                                    2024-10-06T09:33:04.086508+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6591341.1.1.153UDP
                                                    2024-10-06T09:33:04.099670+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6563761.1.1.153UDP
                                                    2024-10-06T09:33:04.110607+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6608781.1.1.153UDP
                                                    2024-10-06T09:33:04.121265+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6626661.1.1.153UDP

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 6, 2024 09:33:04.146480083 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:04.146542072 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:04.146624088 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:04.149846077 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:04.149867058 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:04.796128988 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:04.796222925 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:04.799253941 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:04.799268961 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:04.799629927 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:04.847831964 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:04.883033991 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:04.927400112 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.361320019 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.361380100 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.361392021 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.361409903 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.361426115 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.361447096 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.361474991 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.361475945 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.361494064 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.461707115 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.461766005 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.461810112 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.461833000 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.461877108 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.461877108 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.466789961 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.466869116 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.466887951 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.467031956 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.467036009 CEST44349711104.102.49.254192.168.2.6
                                                    Oct 6, 2024 09:33:05.467106104 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.468245983 CEST49711443192.168.2.6104.102.49.254
                                                    Oct 6, 2024 09:33:05.468264103 CEST44349711104.102.49.254192.168.2.6

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 6, 2024 09:33:04.036454916 CEST5637653192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.045141935 CEST53563761.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.047892094 CEST5840353192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.056483984 CEST53584031.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.057708025 CEST5502553192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.065174103 CEST53550251.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.066423893 CEST5537753192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.074888945 CEST53553771.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.086508036 CEST5913453192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.097261906 CEST53591341.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.099669933 CEST5637653192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.108258963 CEST53563761.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.110606909 CEST6087853192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.118766069 CEST53608781.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.121264935 CEST6266653192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.129823923 CEST53626661.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:04.134319067 CEST5705953192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:04.141513109 CEST53570591.1.1.1192.168.2.6
                                                    Oct 6, 2024 09:33:05.470083952 CEST6342253192.168.2.61.1.1.1
                                                    Oct 6, 2024 09:33:05.480464935 CEST53634221.1.1.1192.168.2.6

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Oct 6, 2024 09:33:04.036454916 CEST192.168.2.61.1.1.10x9b54Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.047892094 CEST192.168.2.61.1.1.10x4abdStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.057708025 CEST192.168.2.61.1.1.10x5cb5Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.066423893 CEST192.168.2.61.1.1.10xe86fStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.086508036 CEST192.168.2.61.1.1.10x48c0Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.099669933 CEST192.168.2.61.1.1.10xb1a2Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.110606909 CEST192.168.2.61.1.1.10xeabbStandard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.121264935 CEST192.168.2.61.1.1.10x1eb5Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.134319067 CEST192.168.2.61.1.1.10x1d4cStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:05.470083952 CEST192.168.2.61.1.1.10x25faStandard query (0)feelystroll.buzzA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Oct 6, 2024 09:33:04.045141935 CEST1.1.1.1192.168.2.60x9b54Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.056483984 CEST1.1.1.1192.168.2.60x4abdName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.065174103 CEST1.1.1.1192.168.2.60x5cb5Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.074888945 CEST1.1.1.1192.168.2.60xe86fName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.097261906 CEST1.1.1.1192.168.2.60x48c0Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.108258963 CEST1.1.1.1192.168.2.60xb1a2Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.118766069 CEST1.1.1.1192.168.2.60xeabbName error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.129823923 CEST1.1.1.1192.168.2.60x1eb5Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:04.141513109 CEST1.1.1.1192.168.2.60x1d4cNo error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                    Oct 6, 2024 09:33:05.480464935 CEST1.1.1.1192.168.2.60x25faName error (3)feelystroll.buzznonenoneA (IP address)IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • steamcommunity.com

                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.2.649711104.102.49.2544437152C:\Users\user\Desktop\file.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-10-06 07:33:04 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                    Connection: Keep-Alive
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                    Host: steamcommunity.com
                                                    2024-10-06 07:33:05 UTC1870INHTTP/1.1 200 OK
                                                    Server: nginx
                                                    Content-Type: text/html; charset=UTF-8
                                                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                    Cache-Control: no-cache
                                                    Date: Sun, 06 Oct 2024 07:33:05 GMT
                                                    Content-Length: 34832
                                                    Connection: close
                                                    Set-Cookie: sessionid=acc6d7c9114627cd9328330c; Path=/; Secure; SameSite=None
                                                    Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                    2024-10-06 07:33:05 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                    2024-10-06 07:33:05 UTC16384INData Raw: 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c
                                                    Data Ascii: ript type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global
                                                    2024-10-06 07:33:05 UTC3768INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e
                                                    Data Ascii: div class="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { In
                                                    2024-10-06 07:33:05 UTC166INData Raw: 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                    Data Ascii: n>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:03:33:01
                                                    Start date:06/10/2024
                                                    Path:C:\Users\user\Desktop\file.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                    Imagebase:0x300000
                                                    File size:1'882'112 bytes
                                                    MD5 hash:BDCDE8EA7E2B2DC63CCE44E50F0A6257
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:0.8%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:73%
                                                      Total number of Nodes:37
                                                      Total number of Limit Nodes:3
                                                      execution_graph 20923 30d110 20925 30d119 20923->20925 20924 30d2ee ExitProcess 20925->20924 20931 3499d0 20933 3499f5 20931->20933 20932 349a5f 20935 349b0e 20932->20935 20938 345bb0 LdrInitializeThunk 20932->20938 20933->20932 20937 345bb0 LdrInitializeThunk 20933->20937 20937->20932 20938->20935 20939 30edb5 20940 30edd0 20939->20940 20943 30fca0 20940->20943 20946 30fcdc 20943->20946 20944 30ef70 20946->20944 20947 343220 20946->20947 20948 3432a2 RtlFreeHeap 20947->20948 20949 3432ac 20947->20949 20950 343236 20947->20950 20948->20949 20949->20944 20950->20948 20969 343202 RtlAllocateHeap 20970 33d9cb 20971 33d9fb 20970->20971 20972 33da65 20971->20972 20974 345bb0 LdrInitializeThunk 20971->20974 20974->20971 20951 31049b 20955 310227 20951->20955 20952 310455 20958 345700 RtlFreeHeap 20952->20958 20955->20952 20956 310308 20955->20956 20957 345700 RtlFreeHeap 20955->20957 20957->20952 20958->20956 20959 3464b8 20960 3463f2 20959->20960 20961 34646e 20960->20961 20963 345bb0 LdrInitializeThunk 20960->20963 20963->20961 20964 34695b 20965 346965 20964->20965 20965->20965 20966 346a5e 20965->20966 20968 345bb0 LdrInitializeThunk 20965->20968 20968->20966

                                                      Executed Functions

                                                      Function 0030FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 25 30fca0-30fcda 26 30fd0b-30fe22 25->26 27 30fcdc-30fcdf 25->27 28 30fe24 26->28 29 30fe5b-30fe8c 26->29 30 30fce0-30fd09 call 312690 27->30 31 30fe30-30fe59 call 312760 28->31 32 30feb6-30fecf call 310b50 29->32 33 30fe8e-30fe8f 29->33 30->26 31->29 43 30ffe4-30ffe6 32->43 44 30fed5-30fef8 32->44 37 30fe90-30feb4 call 312700 33->37 37->32 45 3101b1-3101bb 43->45 46 30fefa 44->46 47 30ff2b-30ff2d 44->47 48 30ff00-30ff29 call 3127e0 46->48 49 30ff30-30ff3a 47->49 48->47 51 30ff41-30ff49 49->51 52 30ff3c-30ff3f 49->52 54 3101a2-3101a5 call 343220 51->54 55 30ff4f-30ff76 51->55 52->49 52->51 59 3101aa-3101ad 54->59 56 30ff78 55->56 57 30ffab-30ffb5 55->57 60 30ff80-30ffa9 call 312840 56->60 61 30ffb7-30ffbb 57->61 62 30ffeb 57->62 59->45 60->57 65 30ffc7-30ffcb 61->65 63 30ffed-30ffef 62->63 67 31019a 63->67 68 30fff5-31002c 63->68 66 30ffd1-30ffd8 65->66 65->67 70 30ffda-30ffdc 66->70 71 30ffde 66->71 67->54 72 31005b-310065 68->72 73 31002e-31002f 68->73 70->71 74 30ffc0-30ffc5 71->74 75 30ffe0-30ffe2 71->75 77 3100a4 72->77 78 310067-31006f 72->78 76 310030-310059 call 3128a0 73->76 74->63 74->65 75->74 76->72 79 3100a6-3100a8 77->79 81 310087-31008b 78->81 79->67 83 3100ae-3100c5 79->83 81->67 82 310091-310098 81->82 85 31009a-31009c 82->85 86 31009e 82->86 87 3100c7 83->87 88 3100fb-310102 83->88 85->86 89 310080-310085 86->89 90 3100a0-3100a2 86->90 91 3100d0-3100f9 call 312900 87->91 92 310130-31013c 88->92 93 310104-31010d 88->93 89->79 89->81 90->89 91->88 94 3101c2-3101c7 92->94 96 310117-31011b 93->96 94->54 96->67 98 31011d-310124 96->98 99 310126-310128 98->99 100 31012a 98->100 99->100 101 310110-310115 100->101 102 31012c-31012e 100->102 101->96 103 310141-310143 101->103 102->101 103->67 104 310145-31015b 103->104 104->94 105 31015d-31015f 104->105 106 310163-310166 105->106 107 310168-310188 call 312030 106->107 108 3101bc 106->108 111 310192-310198 107->111 112 31018a-310190 107->112 108->94 111->94 112->106 112->111
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: J|BJ$V$VY^_$t
                                                      • API String ID: 0-3701112211
                                                      • Opcode ID: 6b093fbc06cab88a7740dfa8bad4ec9342da963785a85ce68cc9ec683c3fe652
                                                      • Instruction ID: 1ad80d7dc1fe180a4a8201480e61296a75614e279495e8744b19bea6f98cbeb3
                                                      • Opcode Fuzzy Hash: 6b093fbc06cab88a7740dfa8bad4ec9342da963785a85ce68cc9ec683c3fe652
                                                      • Instruction Fuzzy Hash: AED1797550D380AFD32ADF14C49065FBBE1AB9AB48F14882CF4C98B252D375CD89DB92
                                                      Function 0030D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 149 30d110-30d11b call 344cc0 152 30d121-30d130 call 33c8d0 149->152 153 30d2ee-30d2f6 ExitProcess 149->153 157 30d136-30d15f 152->157 158 30d2e9 call 3456e0 152->158 162 30d161 157->162 163 30d196-30d1bf 157->163 158->153 164 30d170-30d194 call 30d300 162->164 165 30d1c1 163->165 166 30d1f6-30d20c 163->166 164->163 168 30d1d0-30d1f4 call 30d370 165->168 169 30d239-30d23b 166->169 170 30d20e-30d20f 166->170 168->166 174 30d286-30d2aa 169->174 175 30d23d-30d25a 169->175 173 30d210-30d237 call 30d3e0 170->173 173->169 176 30d2d6 call 30e8f0 174->176 177 30d2ac-30d2af 174->177 175->174 180 30d25c-30d25f 175->180 187 30d2db-30d2dd 176->187 182 30d2b0-30d2d4 call 30d490 177->182 181 30d260-30d284 call 30d440 180->181 181->174 182->176 187->158 190 30d2df-30d2e4 call 312f10 call 310b40 187->190 190->158
                                                      APIs
                                                      • ExitProcess.KERNEL32(00000000), ref: 0030D2F1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: dfc27b8736c6717430c1f56d9646d17d2daa8abc9f1054c0956ffd1a83f58ed9
                                                      • Instruction ID: 739d4fabefc30b07b0922e06f7e9519cc2f0ba557fbe52f468a1f76379f6f8dc
                                                      • Opcode Fuzzy Hash: dfc27b8736c6717430c1f56d9646d17d2daa8abc9f1054c0956ffd1a83f58ed9
                                                      • Instruction Fuzzy Hash: BF41587440E340ABC302BFA8D5A4A2EFBF5AF56744F148C1CE9C49B292C735D8548B67
                                                      Function 00345BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 204 345bb0-345be2 LdrInitializeThunk
                                                      APIs
                                                      • LdrInitializeThunk.NTDLL(0034973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00345BDE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                      • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                      • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                      • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                      Function 0034695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 233 34695b-34696b call 344a20 236 346981-346a02 233->236 237 34696d 233->237 238 346a04 236->238 239 346a36-346a42 236->239 240 346970-34697f 237->240 241 346a10-346a34 call 3473e0 238->241 242 346a44-346a4f 239->242 243 346a85-346a9f 239->243 240->236 240->240 241->239 245 346a50-346a57 242->245 247 346a60-346a66 245->247 248 346a59-346a5c 245->248 247->243 250 346a68-346a7d call 345bb0 247->250 248->245 249 346a5e 248->249 249->243 252 346a82 250->252 252->243
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: 1acbe5571d84fc269e249649487633c5f667520e84f1d66b314b40f110ab5fc7
                                                      • Instruction ID: 4ab2379afdd8563be9ed47a7ca1d492f984121a1fa2e1820cd39f06867f77be8
                                                      • Opcode Fuzzy Hash: 1acbe5571d84fc269e249649487633c5f667520e84f1d66b314b40f110ab5fc7
                                                      • Instruction Fuzzy Hash: F831A9B15183019FD71ADF14C8A1B2BB7F5FF8A345F08981CE5C69B2A1E334A904CB56
                                                      Function 0031049B Relevance: .3, Instructions: 264COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 253 31049b-310515 call 30c9f0 257 310311-310320 253->257 258 310370-31037e 253->258 259 3103d0-3103d7 253->259 260 310393-310397 253->260 261 310472-310477 253->261 262 310417-310430 253->262 263 310356 253->263 264 310339-31034f 253->264 265 31045b-310469 call 345700 253->265 266 3103fb-310414 253->266 267 31051c-31051e 253->267 268 31035f-310367 253->268 269 3103be 253->269 270 3103de-3103e3 253->270 271 310440-310458 call 345700 253->271 272 310480 253->272 273 310242-310244 253->273 274 310482-310484 253->274 275 310227-31023b 253->275 276 310246-310260 253->276 277 310386-31038c 253->277 278 310308-31030c 253->278 279 3103ec-3103f4 253->279 287 310327-310332 257->287 258->277 259->260 259->261 259->262 259->266 259->270 259->272 259->274 259->277 259->279 290 3103a0-3103b7 260->290 261->272 262->271 263->268 264->258 264->259 264->260 264->261 264->262 264->263 264->265 264->266 264->268 264->269 264->270 264->271 264->272 264->274 264->277 264->279 265->261 266->262 282 310520-310b30 267->282 268->258 269->259 270->279 271->265 283 310296-3102bd 273->283 280 31048d-310496 274->280 275->257 275->258 275->259 275->260 275->261 275->262 275->263 275->264 275->265 275->266 275->268 275->269 275->270 275->271 275->272 275->273 275->274 275->276 275->277 275->278 275->279 284 310262 276->284 285 310294 276->285 277->260 277->261 277->272 277->274 278->280 279->260 279->261 279->266 279->272 279->274 280->282 292 3102ea-310301 283->292 293 3102bf 283->293 291 310270-310292 call 312eb0 284->291 285->283 287->258 287->259 287->260 287->261 287->262 287->263 287->264 287->265 287->266 287->268 287->269 287->270 287->271 287->272 287->274 287->277 287->279 290->259 290->260 290->261 290->262 290->265 290->266 290->269 290->270 290->271 290->272 290->274 290->277 290->279 291->285 292->257 292->258 292->259 292->260 292->261 292->262 292->263 292->264 292->265 292->266 292->268 292->269 292->270 292->271 292->272 292->274 292->277 292->278 292->279 300 3102c0-3102e8 call 312e70 293->300 300->292
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7deb86f365c44d6892e922545bcd1172a37541459f08a035773b875de57af1f3
                                                      • Instruction ID: 72437417082fb492912d6d15bdc76bd948153e5c1a359d823766a2194e72de93
                                                      • Opcode Fuzzy Hash: 7deb86f365c44d6892e922545bcd1172a37541459f08a035773b875de57af1f3
                                                      • Instruction Fuzzy Hash: AD917B79200700CFD32A8F25D890A17B7FAFF89315F158A6CE8568BA61DB70F855CB50
                                                      Function 00310228 Relevance: .2, Instructions: 218COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 307 310228-31023b 308 310311-310320 307->308 309 310370-31037e 307->309 310 3103d0-3103d7 307->310 311 310393-310397 307->311 312 310472-310477 307->312 313 310417-310430 307->313 314 310356 307->314 315 310339-31034f 307->315 316 31045b-310469 call 345700 307->316 317 3103fb-310414 307->317 318 31035f-310367 307->318 319 3103be 307->319 320 3103de-3103e3 307->320 321 310440-310458 call 345700 307->321 322 310480 307->322 323 310242-310244 307->323 324 310482-310484 307->324 325 310246-310260 307->325 326 310386-31038c 307->326 327 310308-31030c 307->327 328 3103ec-3103f4 307->328 335 310327-310332 308->335 309->326 310->311 310->312 310->313 310->317 310->320 310->322 310->324 310->326 310->328 338 3103a0-3103b7 311->338 312->322 313->321 314->318 315->309 315->310 315->311 315->312 315->313 315->314 315->316 315->317 315->318 315->319 315->320 315->321 315->322 315->324 315->326 315->328 316->312 317->313 318->309 319->310 320->328 321->316 331 310296-3102bd 323->331 329 31048d-310b30 324->329 332 310262 325->332 333 310294 325->333 326->311 326->312 326->322 326->324 327->329 328->311 328->312 328->317 328->322 328->324 340 3102ea-310301 331->340 341 3102bf 331->341 339 310270-310292 call 312eb0 332->339 333->331 335->309 335->310 335->311 335->312 335->313 335->314 335->315 335->316 335->317 335->318 335->319 335->320 335->321 335->322 335->324 335->326 335->328 338->310 338->311 338->312 338->313 338->316 338->317 338->319 338->320 338->321 338->322 338->324 338->326 338->328 339->333 340->308 340->309 340->310 340->311 340->312 340->313 340->314 340->315 340->316 340->317 340->318 340->319 340->320 340->321 340->322 340->324 340->326 340->327 340->328 347 3102c0-3102e8 call 312e70 341->347 347->340
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e037e961c490c09236ff2204c397e187131ec21f1bb18fae2cb1eace70d81fd4
                                                      • Instruction ID: 849601b5a5086b3229231d981bf427622bb178a96a1a1dee1e18c1567dbe6f0f
                                                      • Opcode Fuzzy Hash: e037e961c490c09236ff2204c397e187131ec21f1bb18fae2cb1eace70d81fd4
                                                      • Instruction Fuzzy Hash: 42717D78100700DFD72A8F21DC94A17B7FAFF8A315F148968E8568BA62DB71F855CB50
                                                      Function 003499D0 Relevance: .1, Instructions: 143COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 356 3499d0-3499f3 357 3499f5 356->357 358 349a2b-349a3b 356->358 359 349a00-349a29 call 34ae40 357->359 360 349a8c-349a95 358->360 361 349a3d-349a4f 358->361 359->358 363 349b36-349b38 360->363 364 349a9b-349ab5 360->364 362 349a50-349a58 361->362 366 349a61-349a67 362->366 367 349a5a-349a5d 362->367 368 349b49-349b50 363->368 369 349b3a-349b41 363->369 370 349ae6-349af2 364->370 371 349ab7 364->371 366->360 374 349a69-349a84 call 345bb0 366->374 367->362 373 349a5f 367->373 375 349b47 369->375 376 349b43 369->376 378 349af4-349aff 370->378 379 349b2e-349b30 370->379 377 349ac0-349ae4 call 34ae40 371->377 373->360 386 349a89 374->386 375->368 376->375 377->370 383 349b00-349b07 378->383 379->363 381 349b32 379->381 381->363 384 349b10-349b16 383->384 385 349b09-349b0c 383->385 384->379 389 349b18-349b2b call 345bb0 384->389 385->383 388 349b0e 385->388 386->360 388->379 389->379
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 028bd828d498d18310b54f44f80974dd31b000291f3859ce56bee11e8c3baf69
                                                      • Instruction ID: 2be4914b168b868c0af93cdc4a3090fdbb59e892c81add88b6896de8b17462ba
                                                      • Opcode Fuzzy Hash: 028bd828d498d18310b54f44f80974dd31b000291f3859ce56bee11e8c3baf69
                                                      • Instruction Fuzzy Hash: CD418D34608340ABD716DF15E890B2BB7EAEB89714F55882DF58A9F251D331F811CBA2
                                                      Function 003463B8 Relevance: .1, Instructions: 99COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 2e1e1cb627083ca1f2ea966f8b13a94575539e89320c8953fd06b3d74baca672
                                                      • Instruction ID: 7053151db09e458d3869aca7f6d693c05b2cd444b37cfd4609b6606f42fafa02
                                                      • Opcode Fuzzy Hash: 2e1e1cb627083ca1f2ea966f8b13a94575539e89320c8953fd06b3d74baca672
                                                      • Instruction Fuzzy Hash: 7231CE74649301BBDA26DF05CD82F2AB7EAEB86B51F64890CF1815F2E1D370B8118B52
                                                      Function 00310EEC Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cb14fdc0eab5e1b62c5a24fd7c247908008a7ce391062709cfc51765b1db74e7
                                                      • Instruction ID: 586db2f4fe7de2972a351a16eb16f390377810381f4cedfd532bbffc77e48a54
                                                      • Opcode Fuzzy Hash: cb14fdc0eab5e1b62c5a24fd7c247908008a7ce391062709cfc51765b1db74e7
                                                      • Instruction Fuzzy Hash: 6A2139B490021A9FDB1ACF94CC90BBEBBB5FF4A304F144809E411BB292C775A951CB64
                                                      Function 00343220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 194 343220-34322f 195 343236-343252 194->195 196 3432a0 194->196 197 3432a2-3432a6 RtlFreeHeap 194->197 198 3432ac-3432b0 194->198 199 343254 195->199 200 343286-343296 195->200 196->197 197->198 201 343260-343284 call 345af0 199->201 200->196 201->200
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(?,00000000), ref: 003432A6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: 7780b10bd6b3fae2865a6974e0cd76f5d761ecaa001fbec34b3b666ddd201c9a
                                                      • Instruction ID: a8e62ca5a12ad33d2127c2a02d1dcda256dce83fef675603146e4b0bd9240ea0
                                                      • Opcode Fuzzy Hash: 7780b10bd6b3fae2865a6974e0cd76f5d761ecaa001fbec34b3b666ddd201c9a
                                                      • Instruction Fuzzy Hash: 58016D3450D3409BC702EF18E845A1ABBE8EF4A701F054D1CE5C58B361D335ED60CB92
                                                      Function 00343202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 205 343202-343211 RtlAllocateHeap
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,00000000), ref: 00343208
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: b8b46704a4b1a315152aedc5354899641065b35dc5783950aeddb5cd740ba2ea
                                                      • Instruction ID: 9311aa933674ceaa22777a8d32c7b8b802a19ac51702651f48b9826ff11a2569
                                                      • Opcode Fuzzy Hash: b8b46704a4b1a315152aedc5354899641065b35dc5783950aeddb5cd740ba2ea
                                                      • Instruction Fuzzy Hash: 22B012300401005FDA151F00EC0AF003514EB00706F800050A100040B1D1615864C555

                                                      Non-executed Functions

                                                      Function 003323E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                      • API String ID: 0-2260822535
                                                      • Opcode ID: a57be9644353af8e4a77bf8b6606e6624814148ad00e36c29349b114f062e880
                                                      • Instruction ID: 7fb14c1ca261fb4da1bfd4f4c09e1331324937cce2e7451341ec3fd5c714a1ea
                                                      • Opcode Fuzzy Hash: a57be9644353af8e4a77bf8b6606e6624814148ad00e36c29349b114f062e880
                                                      • Instruction Fuzzy Hash: 9F33BA70514B818FD7268F39C590763BBE1BF16304F58899DE4DA8BA92C735F806CBA1
                                                      Function 0031DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                      • API String ID: 2994545307-1418943773
                                                      • Opcode ID: 1179067b8ae43dd3005eab6eef215bcd6b8c5f9dc9d5df63031b7dfadf002d9b
                                                      • Instruction ID: cc849d9ba46d109216bf33699fb5b27df73857986a85999cd26172478f4cd44c
                                                      • Opcode Fuzzy Hash: 1179067b8ae43dd3005eab6eef215bcd6b8c5f9dc9d5df63031b7dfadf002d9b
                                                      • Instruction Fuzzy Hash: FFF268B45093819FD775CF14C894BEBBBE6AFD9304F14482CE8C98B251D732A985CB92
                                                      Function 00329F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                      • API String ID: 0-1131134755
                                                      • Opcode ID: 08a0f4296b9b7abf5b8f9cf38c9d8879ba999c87b6529218c8bcc63bc8c3970a
                                                      • Instruction ID: 33c1aee1e64d57203206171316906f36ad3962f710c72447626469d35c471cbd
                                                      • Opcode Fuzzy Hash: 08a0f4296b9b7abf5b8f9cf38c9d8879ba999c87b6529218c8bcc63bc8c3970a
                                                      • Instruction Fuzzy Hash: 6652C6B404D385CAE271CF25E581B8EBAF1BB92740F609A1DE1ED9B255DB708045CF93
                                                      Function 00329510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                      • API String ID: 0-655414846
                                                      • Opcode ID: 8bca57eb5c9cd3ad5b7b805f3f15c19d9a757f126b876a76e93fc9dc50a8e9ec
                                                      • Instruction ID: d8175c2306f2775cb58c4e88a11cf46b94d93c9f5c7038632d864635b8989f1e
                                                      • Opcode Fuzzy Hash: 8bca57eb5c9cd3ad5b7b805f3f15c19d9a757f126b876a76e93fc9dc50a8e9ec
                                                      • Instruction Fuzzy Hash: E7F14EB0508380ABD311DF15E891A2BBBF4FB8AB48F144D1DF4D99B252D334D908CBA6
                                                      Function 0032DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$r2$upH}${E$2
                                                      • API String ID: 0-2153807917
                                                      • Opcode ID: 59cd7ab74cb334200536ac905223ce83443a99c5058b17f16ac2c810cf6eb68e
                                                      • Instruction ID: f703cbfff5bc5b1c0341f6f6c9b846de1f4b9158b75c1705a1a61246b55e5cc9
                                                      • Opcode Fuzzy Hash: 59cd7ab74cb334200536ac905223ce83443a99c5058b17f16ac2c810cf6eb68e
                                                      • Instruction Fuzzy Hash: 18923671E00215CFDB15CF68D8917AEBBB2FF49311F298268E456AB3A1D735AD01CB90
                                                      Function 004D56F8 Relevance: 12.9, Strings: 9, Instructions: 1658COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: F,$$U=}$Znc$azso$n-~{$yU~~$0e_$[o?$ci{
                                                      • API String ID: 0-1566937901
                                                      • Opcode ID: f9ea4c8c35f4b3db799a281f8c2299fdfff7c4541a178237090147400a4f5403
                                                      • Instruction ID: 892d32cd827d2b9733fcb732f055619acda75642afb5f1324a8f660ab4471e59
                                                      • Opcode Fuzzy Hash: f9ea4c8c35f4b3db799a281f8c2299fdfff7c4541a178237090147400a4f5403
                                                      • Instruction Fuzzy Hash: 18B2F6F360C2049FE304AE2DEC8567ABBE9EFD4720F16893DE6C4C7744EA3558058696
                                                      Function 004D06C3 Relevance: 11.6, Strings: 8, Instructions: 1603COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M$.+z$7uWz$W\}$kkQ{$}w|$~_$sY
                                                      • API String ID: 0-416613842
                                                      • Opcode ID: 873c1904d2e494586a42faaf6844d3c76d0a1025acc0a314134ce1e1860e913e
                                                      • Instruction ID: 24f36e1ee9173d6ac8c44696bf39c33ed4226b6cc2da6b25933e6968b438b024
                                                      • Opcode Fuzzy Hash: 873c1904d2e494586a42faaf6844d3c76d0a1025acc0a314134ce1e1860e913e
                                                      • Instruction Fuzzy Hash: 88B2F4F36082049FE304AF29EC8563AFBE9EF94720F1A893DE6C4C7744E63598458657
                                                      Function 0032098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                      • API String ID: 0-4102007303
                                                      • Opcode ID: e351d7456a6f34953133492d20aa90bd65ef8602dc62d1c62e36c0f65edbc00f
                                                      • Instruction ID: e909f9fc39e0251f9ffbcb9b3bb0ef8cc558ae5cede8aff5636e1cb6549fa2f9
                                                      • Opcode Fuzzy Hash: e351d7456a6f34953133492d20aa90bd65ef8602dc62d1c62e36c0f65edbc00f
                                                      • Instruction Fuzzy Hash: 7062C9B16083918BD335CF14E891BABB7E1FF96314F094D2DE49A8B692E3359844CB53
                                                      Function 00301000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                      • API String ID: 0-2517803157
                                                      • Opcode ID: 48baf1a6aaa3be7c712ce0fa0880fd00d0ecf5b37f31effa5acd28707e788dbf
                                                      • Instruction ID: 29d5d3bbc926bdfb664fa30a862e4a31e14735642478365c9be9f37b887ab62e
                                                      • Opcode Fuzzy Hash: 48baf1a6aaa3be7c712ce0fa0880fd00d0ecf5b37f31effa5acd28707e788dbf
                                                      • Instruction Fuzzy Hash: 13D2053160A3418FD71ACE28C4A436BBBE6AFD9314F198A2DE4958B3D1D734DD45CB82
                                                      Function 004C4CC5 Relevance: 7.9, Strings: 5, Instructions: 1645COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *f;$1c{k$7/}$:q<$`m{l
                                                      • API String ID: 0-1210763207
                                                      • Opcode ID: c29c2db4dfe120df1c08589bb55baa9084e38cdfabf57b8fcc4ed4ea5b723421
                                                      • Instruction ID: f7f6e6ab77cf59a351082277340fd69141cc5c6a5a4437aff53e28107d48cc97
                                                      • Opcode Fuzzy Hash: c29c2db4dfe120df1c08589bb55baa9084e38cdfabf57b8fcc4ed4ea5b723421
                                                      • Instruction Fuzzy Hash: CBB219F360C6009FE7086E2DEC8577ABBE9EF94320F1A863DE6C4C7744E93558058696
                                                      Function 004CF130 Relevance: 7.5, Strings: 5, Instructions: 1247COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: r%<$-2w$>($W]>w$yW~
                                                      • API String ID: 0-1162644164
                                                      • Opcode ID: e332232bf57b3e2ed8fc7c7415fd715b308bc3c03547e3b0ec04110674e064d6
                                                      • Instruction ID: 5ddaec8ffcf059318427bec0b7d9c687102ddfcbaa315ea0e394aac004f3201f
                                                      • Opcode Fuzzy Hash: e332232bf57b3e2ed8fc7c7415fd715b308bc3c03547e3b0ec04110674e064d6
                                                      • Instruction Fuzzy Hash: F78238F360C204AFE3146E29EC85A7ABBEAEFD4720F16453DE6C4C7740EA3558058696
                                                      Function 003012F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0$0$0$@$i
                                                      • API String ID: 0-3124195287
                                                      • Opcode ID: d09483444c71f07f6d3a416aeecffdedb5de8971155573fd8ee6fea3330773a7
                                                      • Instruction ID: 5f65654d8a897990032decef1f3c07cc93694e77b645604fabbd48f34c84e001
                                                      • Opcode Fuzzy Hash: d09483444c71f07f6d3a416aeecffdedb5de8971155573fd8ee6fea3330773a7
                                                      • Instruction Fuzzy Hash: 7062F13160E3818BC31ACE28C4A476BBBE1AFD5304F198A6DE8D9872D1D774D949CB42
                                                      Function 0030164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                      • API String ID: 0-1123320326
                                                      • Opcode ID: 0a6a2ee0fbcd6dd407c08d53a4218396fcea18145faf9c57442bde503326910c
                                                      • Instruction ID: 5152c893de78b5f059d49e25512b5d6161be74c889ee0d193e23425025590891
                                                      • Opcode Fuzzy Hash: 0a6a2ee0fbcd6dd407c08d53a4218396fcea18145faf9c57442bde503326910c
                                                      • Instruction Fuzzy Hash: EDF1B13460D3818FC716CE29C4A426BFBE2AFD9304F198A6DE4D987392D774D944CB92
                                                      Function 003013A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                      • API String ID: 0-3620105454
                                                      • Opcode ID: 4d1dfc563eed9a2fee78e790da5851d4e2d6cf32007255dde67db12addd01d12
                                                      • Instruction ID: d1832d5bce7e62c3170aab5b6e7f685270e61bb554acedc427212893c0b0d2b1
                                                      • Opcode Fuzzy Hash: 4d1dfc563eed9a2fee78e790da5851d4e2d6cf32007255dde67db12addd01d12
                                                      • Instruction Fuzzy Hash: 39D1BF3160D7818FC71ACE29C49426AFBE2AFD9304F09CA6DE4D987392D734D949CB52
                                                      Function 004C6728 Relevance: 6.6, Strings: 4, Instructions: 1634COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: s$'[~n$c^$$a8
                                                      • API String ID: 0-3560731238
                                                      • Opcode ID: 27e194bb0e660866946dbd2bc939db883d0862ebde4d33c4102b322d5ade4ebd
                                                      • Instruction ID: dac27844ede4bb69e05688f09de8a6a907b952d37edb590746bceb32106626d4
                                                      • Opcode Fuzzy Hash: 27e194bb0e660866946dbd2bc939db883d0862ebde4d33c4102b322d5ade4ebd
                                                      • Instruction Fuzzy Hash: C4B207F360C604AFE304AE29EC85B7AF7E9EF94720F16453DE6C5C3744EA3598018696
                                                      Function 004D3C7B Relevance: 6.6, Strings: 4, Instructions: 1597COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: R3z{$Yq?~$c7>$ji-=
                                                      • API String ID: 0-4137692509
                                                      • Opcode ID: 1bd20896a649c08b215d98aca35b94dc8d2af0fe3275d245fc54de69a1f1c3d2
                                                      • Instruction ID: 6d9df8a017b43b692c754a4404b01decfdb147c14c36a89b948a208f7e38b7b6
                                                      • Opcode Fuzzy Hash: 1bd20896a649c08b215d98aca35b94dc8d2af0fe3275d245fc54de69a1f1c3d2
                                                      • Instruction Fuzzy Hash: 42B205F360C3049FE304AE2DEC8566ABBE9EF94320F1A463DE6C4C3744EA7558058697
                                                      Function 004C1639 Relevance: 6.6, Strings: 4, Instructions: 1581COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: {]z${]z$Z2U$d=
                                                      • API String ID: 0-3291850418
                                                      • Opcode ID: a39185fcb07e3d72597bfed8e5004a38dc0b39a98f5998b3edf85caa7c79274b
                                                      • Instruction ID: 9f1a5dbef66e5eb5b163b961316e006189b069aa8c93019bfdd33e13c6e37500
                                                      • Opcode Fuzzy Hash: a39185fcb07e3d72597bfed8e5004a38dc0b39a98f5998b3edf85caa7c79274b
                                                      • Instruction Fuzzy Hash: F7B2F6F3A0C200AFE704AE29DC8567ABBE5EF94720F16893DE6C5C7744E63598058793
                                                      Function 0032FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: :$NA_I$m1s3$uvw
                                                      • API String ID: 0-3973114637
                                                      • Opcode ID: fb5727a9578e940c607a97f9d07141a2849d5e92650644dc8810eb57121c6f1c
                                                      • Instruction ID: dfc8a44ea51bba33b7173c1faaaf5abe338011b689e7f049780819eae7baae49
                                                      • Opcode Fuzzy Hash: fb5727a9578e940c607a97f9d07141a2849d5e92650644dc8810eb57121c6f1c
                                                      • Instruction Fuzzy Hash: B432A8B0908380DFD316DF29D890B2BBBE5AB8A315F144A6CF5D58B2A2D335D905CF52
                                                      Function 00313BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($;z$p$ss
                                                      • API String ID: 0-2391135358
                                                      • Opcode ID: 79cc620837e6465ee958eddf2abe68b60c11d8c86dcb080a49995530deb5c811
                                                      • Instruction ID: 4927511faa78e2f30a8f8e829f2d60b2996768714bc59ec1250166bb510b7bac
                                                      • Opcode Fuzzy Hash: 79cc620837e6465ee958eddf2abe68b60c11d8c86dcb080a49995530deb5c811
                                                      • Instruction Fuzzy Hash: 07026BB4810B00EFD765DF24D986756BFF4FB06300F50895CE89A8B696E330A459CBA2
                                                      Function 00322260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: a|$hu$lc$sj
                                                      • API String ID: 0-3748788050
                                                      • Opcode ID: 028c7a8e7b16b39e071aacd1f6812977ae7b0a2b527020e336cbdbda6cb466d1
                                                      • Instruction ID: ef27dcab9c66d054fcc8a29b16227a9756705a39d9fac5f25296d3ead7823a34
                                                      • Opcode Fuzzy Hash: 028c7a8e7b16b39e071aacd1f6812977ae7b0a2b527020e336cbdbda6cb466d1
                                                      • Instruction Fuzzy Hash: 5FA1AB744083509BC321DF19D891A2BF7F0FF96754F158A0CE8D59B2A1E339E941CB96
                                                      Function 004D2171 Relevance: 5.3, Strings: 3, Instructions: 1597COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 2#oy$iwoo$jj~
                                                      • API String ID: 0-2909676266
                                                      • Opcode ID: 42977772251e70857481e979aaae546dafdb54ca700cc0f4820ce9e6a92502c8
                                                      • Instruction ID: 40d46c39c568a92e47e4e819d88c5320cf936d3e0e5566af531176a501b361f7
                                                      • Opcode Fuzzy Hash: 42977772251e70857481e979aaae546dafdb54ca700cc0f4820ce9e6a92502c8
                                                      • Instruction Fuzzy Hash: A0B228F3A0C2049FE3086F2DEC8567ABBE5EF94320F16493DEAC587744EA3558058697
                                                      Function 0032D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #'$CV$KV$T>
                                                      • API String ID: 0-95592268
                                                      • Opcode ID: 2a2657253bf54d437f8bfe819b55201aa5fa920faef4fd4a1d38c6d0e2f06de5
                                                      • Instruction ID: 11f5c0a8f9169b1c8b18d137414c5b7a0e35b7b580444902cd070c17124765b7
                                                      • Opcode Fuzzy Hash: 2a2657253bf54d437f8bfe819b55201aa5fa920faef4fd4a1d38c6d0e2f06de5
                                                      • Instruction Fuzzy Hash: 248156B4801B459FDB20DFA5D28556EBFB1FF16300F605A0CE486ABA55C330AA55CFE2
                                                      Function 0032AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (g6e$,{*y$4c2a$lk
                                                      • API String ID: 0-1327526056
                                                      • Opcode ID: cd44a12ffc6748166289e478a0894bde2a57d6c740e8fef1ed7f3d67a61a3197
                                                      • Instruction ID: 2823e85685b16c0aa36d874df4e105248ac701b9c2c31dee9be4cff4ccfdc712
                                                      • Opcode Fuzzy Hash: cd44a12ffc6748166289e478a0894bde2a57d6c740e8fef1ed7f3d67a61a3197
                                                      • Instruction Fuzzy Hash: 814197B4408381CBD7229F20E900BABB7F4FF86306F54995DE5C89B260EB31D944CB96
                                                      Function 004C87F9 Relevance: 4.9, Strings: 3, Instructions: 1135COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 3cm$3cm$L/
                                                      • API String ID: 0-814528780
                                                      • Opcode ID: 0e9bb57163c3ff18fb882a2652d15acbfef0970f8164f6e7646963fefeda9517
                                                      • Instruction ID: 6020413e488701ec7cfb7aaa7f31c4d02d924bf4534e752f7547612ca65cc1fb
                                                      • Opcode Fuzzy Hash: 0e9bb57163c3ff18fb882a2652d15acbfef0970f8164f6e7646963fefeda9517
                                                      • Instruction Fuzzy Hash: 44721AF350C2049FE704AE2DDC4567ABBE6EF94720F1A893DEAC4C7744EA3598018697
                                                      Function 0032C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($%*+($~/i!
                                                      • API String ID: 0-4033100838
                                                      • Opcode ID: 10f45f9974560c0fd28f2acae1b111f436162e65f6c9c87f8964daf41209a86a
                                                      • Instruction ID: af708269089fa212638b5915f4bc0059142fc2d7148ac51a74124616a199e60e
                                                      • Opcode Fuzzy Hash: 10f45f9974560c0fd28f2acae1b111f436162e65f6c9c87f8964daf41209a86a
                                                      • Instruction Fuzzy Hash: F1E187B5519340DFE3219F24E881B1FBBF9FB85345F48882CE9898B261D731E815CB92
                                                      Function 004CB6A9 Relevance: 4.2, Strings: 2, Instructions: 1656COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: W6I$n-{
                                                      • API String ID: 0-581932420
                                                      • Opcode ID: 89fb252ab4ed3c81fcc4a70997e15033e6837a6a38b1ff5f1ddc4a53d6433008
                                                      • Instruction ID: 15d8edfc11559ef9ae16ec66015f84f08b959887c93d2067b382684977d2a2ad
                                                      • Opcode Fuzzy Hash: 89fb252ab4ed3c81fcc4a70997e15033e6837a6a38b1ff5f1ddc4a53d6433008
                                                      • Instruction Fuzzy Hash: 92B2F8F3A082049FE304AE2DEC8567ABBE5EFD4720F1A853DE6C4C7744EA3558058796
                                                      Function 00308590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )$)$IEND
                                                      • API String ID: 0-588110143
                                                      • Opcode ID: 239e87bb2d896031f1c0243d5a029efb13ef2dd20673cfe1ffcf147b6cc376ad
                                                      • Instruction ID: be39a01f7b548105153e12998216652b67751ab1065a89440c316c6ac064ddc8
                                                      • Opcode Fuzzy Hash: 239e87bb2d896031f1c0243d5a029efb13ef2dd20673cfe1ffcf147b6cc376ad
                                                      • Instruction Fuzzy Hash: 48E1EDB1A097069FE311CF28C89172ABBE4BB94314F144A2DE9D59B3C1DB75E814CBC2
                                                      Function 004D7268 Relevance: 4.1, Strings: 2, Instructions: 1584COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Suv}$<Nz
                                                      • API String ID: 0-2086871308
                                                      • Opcode ID: 0e895ba9cf40e50f1a4d5fad5deca0a1003116bb884e6142952e5336c10c622d
                                                      • Instruction ID: af750ff02f75e6a7f3adab599e274c23c7854ded237e0e2a9d8d62d621de8c92
                                                      • Opcode Fuzzy Hash: 0e895ba9cf40e50f1a4d5fad5deca0a1003116bb884e6142952e5336c10c622d
                                                      • Instruction Fuzzy Hash: 99B206F3A0C2049FE7046E2DEC4567ABBE9EFD4720F16893DE6C487744EA3598018697
                                                      Function 00344040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($f
                                                      • API String ID: 0-2038831151
                                                      • Opcode ID: db4461f77f0495618f93af0853c2f02ac5f666a8d28d37249aa03e041ac82c74
                                                      • Instruction ID: 456f210c2840074c51b216afd185675190cb8b76ff5cac8ed1baa9d3b36d8631
                                                      • Opcode Fuzzy Hash: db4461f77f0495618f93af0853c2f02ac5f666a8d28d37249aa03e041ac82c74
                                                      • Instruction Fuzzy Hash: 6812BB716083409FC716CF18D890B2EBBE6FB89314F198A2CF4A58B391D735E945CB92
                                                      Function 0033F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: dg$hi
                                                      • API String ID: 0-2859417413
                                                      • Opcode ID: 4d6a974f62543284a979b4aadf665b5921efadc8840d692efe9d8d3395491241
                                                      • Instruction ID: 1fa61fbb39b798cc7dea98bba98639f8c3a9522e480a05d501cfdbdc139c99df
                                                      • Opcode Fuzzy Hash: 4d6a974f62543284a979b4aadf665b5921efadc8840d692efe9d8d3395491241
                                                      • Instruction Fuzzy Hash: 04F18271A18341EFE705CF24E891B2BBBEAEB86345F54992CF4858B2A1C734D845CB12
                                                      Function 003035B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Inf$NaN
                                                      • API String ID: 0-3500518849
                                                      • Opcode ID: 6cb35d42bcb71e1acdc33b6ebf5f972f96283929d26c9f0e24556e4f094537c6
                                                      • Instruction ID: 09e17e3de5c92dd982a29081a82675452eab508c15133b0e88985025ad6ec4ee
                                                      • Opcode Fuzzy Hash: 6cb35d42bcb71e1acdc33b6ebf5f972f96283929d26c9f0e24556e4f094537c6
                                                      • Instruction Fuzzy Hash: 8BD1D371B193119BC705CF28C89061BBBE9EBC8750F158A2DF9999B3E0E771DD058B82
                                                      Function 0031FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BaBc$Ye[g
                                                      • API String ID: 0-286865133
                                                      • Opcode ID: 274be5129b9333d5ec8cd47555abc6896b395b3cae2d4d41a8156d03d972ecdd
                                                      • Instruction ID: e6b46774c263c7a2fcf5e973fbc3e2c0de62150c8ff4b6377e2e66f50dc416e8
                                                      • Opcode Fuzzy Hash: 274be5129b9333d5ec8cd47555abc6896b395b3cae2d4d41a8156d03d972ecdd
                                                      • Instruction Fuzzy Hash: DE51BBB16083918BD336CF14D881BABB7E0FF96310F098D1DE49A9B652E3749948CB57
                                                      Function 0037FA35 Relevance: 2.6, Strings: 2, Instructions: 149COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -5ow$J]
                                                      • API String ID: 0-903443340
                                                      • Opcode ID: 86869d08309f5009e64e0764f0559c67fdc484f80fb455eb14714d031b7e3bf7
                                                      • Instruction ID: 6a97ae6685d5cf6322107280a0013b98225979d9ff522cd1fdc1a218d35fe9c8
                                                      • Opcode Fuzzy Hash: 86869d08309f5009e64e0764f0559c67fdc484f80fb455eb14714d031b7e3bf7
                                                      • Instruction Fuzzy Hash: 89418AF3A082146BF3085929EC657BBB78ADBC4734F3A463EDAC597B80EC755D014292
                                                      Function 00305160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %1.17g
                                                      • API String ID: 0-1551345525
                                                      • Opcode ID: e664f6d26e5dc06e1a9284473044009e2819d428461c41e81c5082730815e6d1
                                                      • Instruction ID: 53087ac0bc4b5fe18d0032075257b7c8f2486c70947dcb0b8275133c826099ed
                                                      • Opcode Fuzzy Hash: e664f6d26e5dc06e1a9284473044009e2819d428461c41e81c5082730815e6d1
                                                      • Instruction Fuzzy Hash: 5D22E3B6A0AB42CBE7168E18D860327BBA2AFE1704F1E856DD8594B3C1E771DC04DF41
                                                      Function 003312D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "
                                                      • API String ID: 0-123907689
                                                      • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                      • Instruction ID: ce01bd62b547ebc1ac152f45f6dff3730d572e87e42f1ae1b13d832b12a75b50
                                                      • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                      • Instruction Fuzzy Hash: F5F13471A083414BC726CF29C4D1A2BBBE6AFC5350F1DC96DE89A8B382D634DD458792
                                                      Function 0032AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 5b69773ce1b320e6d6d88b4995b7725998c708d8c3638386817dcefeeabc9d02
                                                      • Instruction ID: 3611b81157bfc27aa37223065f1d566873bb3b67860567b60429d7708b80dc8a
                                                      • Opcode Fuzzy Hash: 5b69773ce1b320e6d6d88b4995b7725998c708d8c3638386817dcefeeabc9d02
                                                      • Instruction Fuzzy Hash: 02E1B675508316CBC326DF28E89066AF3F6FF98782F15891CE4C587260E334A959CB82
                                                      Function 00316EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 883c129e6482996c86e956d7aefce0368e6173818a116061a02dfa00a657aa44
                                                      • Instruction ID: 45bc5dd8300dede06aae5a8942be8952cffdf52aa22e59b5612b463e322d9659
                                                      • Opcode Fuzzy Hash: 883c129e6482996c86e956d7aefce0368e6173818a116061a02dfa00a657aa44
                                                      • Instruction Fuzzy Hash: 96F1A2B5A10701CFC72ADF64D891A66B3F6FF49314B188A2DD4978B691EB30F855CB40
                                                      Function 00327E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: a361be50cfe93d8c389d9d309ba8455121a91b5046e4de1a7a2b9e404201345b
                                                      • Instruction ID: 2f81cdbb811ee046228ef744560925e658611000ebe6c0451193f12fe786d3e8
                                                      • Opcode Fuzzy Hash: a361be50cfe93d8c389d9d309ba8455121a91b5046e4de1a7a2b9e404201345b
                                                      • Instruction Fuzzy Hash: 49C1C171509320ABD712EB14E882A2BB7F5FF95754F09881CF8C59B291E734EC15CBA2
                                                      Function 00328D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 94c9858e718f797a586365844d03ee318a46bde0f468fd01ffda1a679e6c29e3
                                                      • Instruction ID: 0157918c699da1e66a667d23faa342bd5267322d02386cdc2c6bb5fcbd5832f4
                                                      • Opcode Fuzzy Hash: 94c9858e718f797a586365844d03ee318a46bde0f468fd01ffda1a679e6c29e3
                                                      • Instruction Fuzzy Hash: DCD1D170619302DFD709DF68EC90A2AB7F9FF89305F49486CE886872A1D735E950CB51
                                                      Function 00314487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BI1
                                                      • API String ID: 0-4231689418
                                                      • Opcode ID: 49c1f4cd7b381abe46c02d1e4ea1c734f1244159ab1e095c77d4c21e77569d87
                                                      • Instruction ID: 44847c6b7e9ad2d5ffe000c44845e0f36faea5711490d840bd95a80e2e3d66d4
                                                      • Opcode Fuzzy Hash: 49c1f4cd7b381abe46c02d1e4ea1c734f1244159ab1e095c77d4c21e77569d87
                                                      • Instruction Fuzzy Hash: 2BE1F0B5611B008FD326CF28D992B97B7E5FF0A704F04886CE4AACB752DB35B8548B54
                                                      Function 00347FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: P
                                                      • API String ID: 0-3110715001
                                                      • Opcode ID: 18ae2900836defaf65fa60438021e2965e8bd67b03ed1f688b6e010230e6fd66
                                                      • Instruction ID: fa02cf1dbdcfb857acbde1daabfe70dfe88739d0e788bbc3bf1c9ccfb95ce641
                                                      • Opcode Fuzzy Hash: 18ae2900836defaf65fa60438021e2965e8bd67b03ed1f688b6e010230e6fd66
                                                      • Instruction Fuzzy Hash: 3ED1D4769082654FC726CF18D89071EB6E1EB85718F168A2CE8A5AF390CB71EC46C7C1
                                                      Function 00346CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "p4
                                                      • API String ID: 0-3389245151
                                                      • Opcode ID: 5f69f069cf3a80fb15e038fade99d61fa8d74397708044ff0bf110ca4eb2b45d
                                                      • Instruction ID: 957f41e7cc917e4b7d48dd9721cf66fcfc08d92797239f84bba13a5e2d617eb6
                                                      • Opcode Fuzzy Hash: 5f69f069cf3a80fb15e038fade99d61fa8d74397708044ff0bf110ca4eb2b45d
                                                      • Instruction Fuzzy Hash: 07D1F33661C391CFC716CF38D89052ABBE5BB8A355F094A6CE891C73A1D330EA44CB91
                                                      Function 0032CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: %*+(
                                                      • API String ID: 2994545307-3233224373
                                                      • Opcode ID: 26fb33b2b0a2c2fbd4f2197f0484da001ec18215436ca00787a73851b0c13ae7
                                                      • Instruction ID: c76257c0f44a01e785e04a954d4ec566245607268baf363543b18578df714cc9
                                                      • Opcode Fuzzy Hash: 26fb33b2b0a2c2fbd4f2197f0484da001ec18215436ca00787a73851b0c13ae7
                                                      • Instruction Fuzzy Hash: D7B120706283119BD716DF14E890B2FFBE6EF85341F15592CE5C58B262E331E815CB92
                                                      Function 0030A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,
                                                      • API String ID: 0-3772416878
                                                      • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                      • Instruction ID: ccc84c352bc81b73910b16f3342af35bc31d5ace266eb96a01c93d1ba56dd155
                                                      • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                      • Instruction Fuzzy Hash: E1B148702097859FC321CF58D89061BFBE1AFA9704F448A2DF5D997782D231EA08CB67
                                                      Function 0033FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 064886e85b8f367fa70eb591d6afc1891a52964c1bebf625b81fe79eab9a6b28
                                                      • Instruction ID: 2d1b45e358510e4e2b71127eb51234ab0d3a4e7ac61bf5dc5b00505c661aaa7c
                                                      • Opcode Fuzzy Hash: 064886e85b8f367fa70eb591d6afc1891a52964c1bebf625b81fe79eab9a6b28
                                                      • Instruction Fuzzy Hash: 9D81BD71918301AFD712EF54E884A2BB7E9FB99706F54882CF5859B261D730E814CB62
                                                      Function 00460D54 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: hOn
                                                      • API String ID: 0-884578277
                                                      • Opcode ID: c248c4e942c82bf14963190a66872877e69cfd67151ac60a2f5f9ff92a8445ea
                                                      • Instruction ID: 176534552cc51d9a8d1d59e6fd44247744f2d240236c35ef01fa6e072e82ece5
                                                      • Opcode Fuzzy Hash: c248c4e942c82bf14963190a66872877e69cfd67151ac60a2f5f9ff92a8445ea
                                                      • Instruction Fuzzy Hash: DB7159B3A086185FF3046E79DC8977ABBD6EBD4320F17863DDAD997B84E97408008691
                                                      Function 0031D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 3bd6366f91da57c5482361ed5d49e015b8b49490f77a52efa71907ff82c64068
                                                      • Instruction ID: cd5cc41a1b9e6f8623b8b64da2032934ef85b5a100a1d4faa846b3278321786d
                                                      • Opcode Fuzzy Hash: 3bd6366f91da57c5482361ed5d49e015b8b49490f77a52efa71907ff82c64068
                                                      • Instruction Fuzzy Hash: AE611376908300DBC716EF18DC42A6AB3B5FF9A344F49052CF8858B2A1E331EA50C792
                                                      Function 0043C85B Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: >9>
                                                      • API String ID: 0-3394198013
                                                      • Opcode ID: 3eff8b2832f110e74c43a010de0375904c73828276b93bd407496cad8de28c2c
                                                      • Instruction ID: 32f6b59dcdbe9db8d15c2395a595d4d3d29209151dbf27d51644b063f1a2630e
                                                      • Opcode Fuzzy Hash: 3eff8b2832f110e74c43a010de0375904c73828276b93bd407496cad8de28c2c
                                                      • Instruction Fuzzy Hash: 1161F8F39086109FE3146F2DDC4577AB7E5EF94720F1B4A2CDAD893780EA3558408697
                                                      Function 00344A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 460f0ee6bef2da629ee128d780822eee6d497278efdaa953cefc1e9ca54c760c
                                                      • Instruction ID: 087380fa0b9a9f27d74212b5d86c9385bccd50efae6a02d2d0860b2f8663de95
                                                      • Opcode Fuzzy Hash: 460f0ee6bef2da629ee128d780822eee6d497278efdaa953cefc1e9ca54c760c
                                                      • Instruction Fuzzy Hash: A361E171608341ABD712DF55C880B2ABBEAEBC4315F19892CE5C58F2A1D771FC40CB52
                                                      Function 0030E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0030E333
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                      • API String ID: 0-2471034898
                                                      • Opcode ID: 5de499f55a81c157e73a6553e5d34c98e183cf5aa0c87fabc906d8e5b763738d
                                                      • Instruction ID: 3db1d3f54054b3440ab9bbc9d7b8d71ed5244863523d6343ce6e1044743f62df
                                                      • Opcode Fuzzy Hash: 5de499f55a81c157e73a6553e5d34c98e183cf5aa0c87fabc906d8e5b763738d
                                                      • Instruction Fuzzy Hash: 67512837B1B6904BD32A993C5C653696E8F0B93334F3ECBA9E9F18B7E1D55548014390
                                                      Function 00343920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: d0a185b88c4d4e210d44c2205a66658f5f0610b0a1adfd3d4d5565b5f0305743
                                                      • Instruction ID: 84d18bcb1b6d40fefed601a3d3ead11f9ef3cbbed21ec3005f12e3db88d02150
                                                      • Opcode Fuzzy Hash: d0a185b88c4d4e210d44c2205a66658f5f0610b0a1adfd3d4d5565b5f0305743
                                                      • Instruction Fuzzy Hash: 78518F346093409BCB26DF19D890B2EBBE9EF89745F19881CE4C69B251D371FD10CB62
                                                      Function 00311BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: L3
                                                      • API String ID: 0-2730849248
                                                      • Opcode ID: 82371f9560ea17e5c01e2b4743505efa0fb70e646fcdacb2be36a076840b7592
                                                      • Instruction ID: 55be64631b9b870d42afeb62e6e91df579665366c75c9a2d61e5cddc47e222e8
                                                      • Opcode Fuzzy Hash: 82371f9560ea17e5c01e2b4743505efa0fb70e646fcdacb2be36a076840b7592
                                                      • Instruction Fuzzy Hash: F14174B80083809BC7199F14D894AAFBBF4FF8A314F04991CF6C59B2A0D736C955CB96
                                                      Function 0033FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: a985fcc35d36dbae5349a7a9072ae9ae300c14b90f89c869c96e846b3dcd1aa7
                                                      • Instruction ID: 31d52d7617be093af4f0511583c12fd66614c80b71415d0e0d74ad17be158c66
                                                      • Opcode Fuzzy Hash: a985fcc35d36dbae5349a7a9072ae9ae300c14b90f89c869c96e846b3dcd1aa7
                                                      • Instruction Fuzzy Hash: 4F31F6B1B04301ABD616EB64DC81B2BB7E8EB85748F544828FA859F252E331FC14C763
                                                      Function 0032E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 72?1
                                                      • API String ID: 0-1649870076
                                                      • Opcode ID: 4d49790cd66620ec2588b0417733dd29b8f66b2044ea8239fe459c6b319aa1d3
                                                      • Instruction ID: 3ef5be66abe4167aeee4b1d37d2e03444b58dc771d92533345d11af1ab15eb82
                                                      • Opcode Fuzzy Hash: 4d49790cd66620ec2588b0417733dd29b8f66b2044ea8239fe459c6b319aa1d3
                                                      • Instruction Fuzzy Hash: 8231E6B5A01354CFC722CF98E8916AFF7B8FB06305F140418E446AB351D331AD04CBA1
                                                      Function 00316F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 77cac274864ad3495926109c4950a8e0a25255e57a190c6ff4e35bcdc23ec6a0
                                                      • Instruction ID: 7f2a2387b17d99e883b73df1b13a6e5482186f698272ac779c2c2da99e04d151
                                                      • Opcode Fuzzy Hash: 77cac274864ad3495926109c4950a8e0a25255e57a190c6ff4e35bcdc23ec6a0
                                                      • Instruction Fuzzy Hash: 74414775604B04DBD73A8B61C994F26B7F6FB0D705F188918E5869BAA1E331F8408B10
                                                      Function 0032E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 72?1
                                                      • API String ID: 0-1649870076
                                                      • Opcode ID: ebf5b3f0a9b9e942daa3a19a63fd846bfa37c8dd1e02600d3e3aeb6c45369a8b
                                                      • Instruction ID: 7e96b0945c25d7b83cbc36843df41b4a0aa07e02adea8588109f4c17ab6ecdc8
                                                      • Opcode Fuzzy Hash: ebf5b3f0a9b9e942daa3a19a63fd846bfa37c8dd1e02600d3e3aeb6c45369a8b
                                                      • Instruction Fuzzy Hash: BC21C1B1A01354CFC722CF99E991A6FBBB9FB1A745F14081CE446AB351C335AD00CBA2
                                                      Function 00349CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: @
                                                      • API String ID: 2994545307-2766056989
                                                      • Opcode ID: a4ae21fff57ef2476337007634502cb85afcda52dce1e217f0f5844f71f68063
                                                      • Instruction ID: 86aa07e51a5e8bca708ddcd445750276f45db396c80916a6625378ebdbd44204
                                                      • Opcode Fuzzy Hash: a4ae21fff57ef2476337007634502cb85afcda52dce1e217f0f5844f71f68063
                                                      • Instruction Fuzzy Hash: 463187709083009BD711EF14D880A2BFBF9FF9A314F14892DE6C89B261D335E904CBA6
                                                      Function 00314E2A Relevance: 1.0, Instructions: 957COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 68ca6eef719b9bfd82afd0510e8d6af99e1a440788cfb4a4d07d36f1670ba81d
                                                      • Instruction ID: af562159789f622b4ace20f5c679d273b412464919db633a22ebc8b8c052b18f
                                                      • Opcode Fuzzy Hash: 68ca6eef719b9bfd82afd0510e8d6af99e1a440788cfb4a4d07d36f1670ba81d
                                                      • Instruction Fuzzy Hash: B7624A74510B00CFD72ACF24D990B67B7F6AF8A700F54892CD49A8BA52E734F894CB91
                                                      Function 0030BEB0 Relevance: .9, Instructions: 895COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                      • Instruction ID: 445ae241326e211d0283d3a5253f7fc36682e0bd94bf13e740227f01b92e6b58
                                                      • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                      • Instruction Fuzzy Hash: 995219319297118BC7269F18D8602BAF3E1FFC5319F299B2DD9C6972C0D734A851CB86
                                                      Function 00348652 Relevance: .7, Instructions: 710COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 12ecffdec66a17befc7be0fa68e76271d46b7e8af57e266443be0dd44019c9f5
                                                      • Instruction ID: 8e52295a0412e38426b6f94fb21caf068aab8a7050d44a75e7a4de7821bbd13e
                                                      • Opcode Fuzzy Hash: 12ecffdec66a17befc7be0fa68e76271d46b7e8af57e266443be0dd44019c9f5
                                                      • Instruction Fuzzy Hash: 0422BE35608341DFC70ADF68E89062AB7F5FF8931AF09886DE58987361D735E990CB42
                                                      Function 003486F0 Relevance: .7, Instructions: 681COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf1a9f03ce225f37797bd0b774679e97197bc21dd9c4fbe457726db8681bbda4
                                                      • Instruction ID: 305d3a73c04c376cfed44e62b400001fa739ebc269866ad0fe2a674b9c5ff283
                                                      • Opcode Fuzzy Hash: bf1a9f03ce225f37797bd0b774679e97197bc21dd9c4fbe457726db8681bbda4
                                                      • Instruction Fuzzy Hash: FB229D35608340DFD70ADF68E89061EBBF5FB8A30AF09896DE58587361D735E990CB42
                                                      Function 0030B3A0 Relevance: .7, Instructions: 670COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5d32eacc68fec91e4ab5625d4fc7a6d8f8af0e57c5aa7e22ac5eb438e25e7bef
                                                      • Instruction ID: 5d85af6ce9307fd1fbb1f967b2f6735a2385ee9510bcbfba3144f8b97b7903eb
                                                      • Opcode Fuzzy Hash: 5d32eacc68fec91e4ab5625d4fc7a6d8f8af0e57c5aa7e22ac5eb438e25e7bef
                                                      • Instruction Fuzzy Hash: B452E470909B848FE732CB24C4A47A7FBE2AF95314F154C6DC5E606BC2C779A885CB51
                                                      Function 003071F0 Relevance: .7, Instructions: 657COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d9f604a6692a3049c5d3a708d29694acaac4d90dc0a09dc6f6646eb0b258ec99
                                                      • Instruction ID: 1cff0834994031f155af56adfbff33c38fdfbbf0330b67b1740858346e72bf0d
                                                      • Opcode Fuzzy Hash: d9f604a6692a3049c5d3a708d29694acaac4d90dc0a09dc6f6646eb0b258ec99
                                                      • Instruction Fuzzy Hash: 0F52D43190D3458FCB16CF18C0A06AABBE1FF89314F198A6DF8995B391D774E949CB81
                                                      Function 00308FD0 Relevance: .6, Instructions: 620COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf5435324ba1af7328326c0c9c16c93c8ca4b466c6f559b49dc9c5fb269271b9
                                                      • Instruction ID: ba68dfb5712f249e8fea9de4d091221d66eda653b3ebe57ff633f66b46c34f99
                                                      • Opcode Fuzzy Hash: bf5435324ba1af7328326c0c9c16c93c8ca4b466c6f559b49dc9c5fb269271b9
                                                      • Instruction Fuzzy Hash: A042A679209301DFD705CF29D86075ABBE5BF8A314F09886DE4858B3A2DB35E985CF42
                                                      Function 00307BF0 Relevance: .6, Instructions: 592COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8992d960a30128b079d971163ef4a5a2811b0539351bcd6e2bbb1946165379ba
                                                      • Instruction ID: f7ff314507e0e45c8b95d54dac94b8f6352bc40bf770b6e1cb5ceded080eaa47
                                                      • Opcode Fuzzy Hash: 8992d960a30128b079d971163ef4a5a2811b0539351bcd6e2bbb1946165379ba
                                                      • Instruction Fuzzy Hash: 99320270916B118FC36ACF29C5A0526BBF5BF85710B604A2ED6A787F90DB36F845CB10
                                                      Function 003489A0 Relevance: .5, Instructions: 545COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e124baec599510ddf2b9e4dfb8997dd5fc825aebc4e04bc183d0489c04ebba5
                                                      • Instruction ID: ad4e631d35d1a01558dc471273eb0cbe6246c21be2b9e8d10b9a89e74e7d8072
                                                      • Opcode Fuzzy Hash: 2e124baec599510ddf2b9e4dfb8997dd5fc825aebc4e04bc183d0489c04ebba5
                                                      • Instruction Fuzzy Hash: 54029B35608340DFC706DF68E89061ABBF5EF8A30AF09896DE5C58B261C735E954CB92
                                                      Function 00348A80 Relevance: .5, Instructions: 524COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 04853f4a7e8a7f0a8c1a4990e615cba82242d9bd8e2ede306680f5dc63e4ac1e
                                                      • Instruction ID: 6d3df27269d91cbe5790d5505c00b6deac3dac372363e202e9092c8a9f72727d
                                                      • Opcode Fuzzy Hash: 04853f4a7e8a7f0a8c1a4990e615cba82242d9bd8e2ede306680f5dc63e4ac1e
                                                      • Instruction Fuzzy Hash: C3F1793560C340DFD706DF68E88061EBBE5EB8A309F098D6DE4C58B261D736E954CB92
                                                      Function 00348C02 Relevance: .5, Instructions: 487COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6d0ce2397b2f6df0260782a74006ffe5ad2e520e96be7f7e5dd9ebc10a210583
                                                      • Instruction ID: 3442bcefca4c6ae1c98c80365d700a31854c9c70eb4c6fb017482c9417a33958
                                                      • Opcode Fuzzy Hash: 6d0ce2397b2f6df0260782a74006ffe5ad2e520e96be7f7e5dd9ebc10a210583
                                                      • Instruction Fuzzy Hash: 0DE1BF35608350CFC70ADF28E88062AB7E5EB8A319F098D6DE5C58B361D735E950CB92
                                                      Function 0030A300 Relevance: .5, Instructions: 459COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                      • Instruction ID: 2441b680c4e7ed4cee5495f5f9ce415ec7e0041e4fb108a9f3802c03544b50e7
                                                      • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                      • Instruction Fuzzy Hash: EFF1CB762097418FC725CF29C89066BFBE6AFD8300F08882DE4C587791E639E849CB52
                                                      Function 00348E70 Relevance: .4, Instructions: 420COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be9429b56a90f83b6afe3a6230753bbf92385567ba9b5848c394631d2cc112c2
                                                      • Instruction ID: 3a27aa88d5368a614ebbc0675f932618205a4ad2ea87c67cf187c3326ce39c21
                                                      • Opcode Fuzzy Hash: be9429b56a90f83b6afe3a6230753bbf92385567ba9b5848c394631d2cc112c2
                                                      • Instruction Fuzzy Hash: C2D16C3460C350DFD706DF28D89062ABBE5EB8A309F098D6DE5C58B261D736E854CB52
                                                      Function 00347AB0 Relevance: .4, Instructions: 354COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b5a417ac2d9867f3ee5ea6e2bc33b36a9f8f6137e5ef81c667e1fda583db40f0
                                                      • Instruction ID: 842915200f21528048f6abff0143c54f335301bb7a31fac9a6548bc73986d87f
                                                      • Opcode Fuzzy Hash: b5a417ac2d9867f3ee5ea6e2bc33b36a9f8f6137e5ef81c667e1fda583db40f0
                                                      • Instruction Fuzzy Hash: 60B1F7B2A083504BE325DF28CC4576BB7E9EBC5314F054A6CE9999F391E735EC048B92
                                                      Function 0030AF10 Relevance: .3, Instructions: 303COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                      • Instruction ID: 7a240ae924bd2772bc19aed7a37b3ec3399ec9a3eea43f1741672a0bcc8a09df
                                                      • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                      • Instruction Fuzzy Hash: 87C19CB2A187418FC375CF28DC96BABB7E1BF85318F08492DD1D9C6242E778A155CB06
                                                      Function 00316536 Relevance: .3, Instructions: 295COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6a060af25e6c861db35776b9f796c284b5ef3c8a0c0b63dfd98de8165bc8f6c7
                                                      • Instruction ID: c1c385ab0a1b33a1d6edd66c96da4fef3f69256ed398707f2ef5157451f42f58
                                                      • Opcode Fuzzy Hash: 6a060af25e6c861db35776b9f796c284b5ef3c8a0c0b63dfd98de8165bc8f6c7
                                                      • Instruction Fuzzy Hash: 85B112B4510B408FC326CF24D991B57BBF2AF4A704F14885CE8AA8BB92E735F845CB54
                                                      Function 00347710 Relevance: .3, Instructions: 287COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 29b7d7cf796a683b512cfcd18ef7d0cb41b8cd54d196fdb94ccc3853625e8afe
                                                      • Instruction ID: a8d88f33d6bc323f1981fdf72fb82071e70260958ebb199a8a1d658707af358c
                                                      • Opcode Fuzzy Hash: 29b7d7cf796a683b512cfcd18ef7d0cb41b8cd54d196fdb94ccc3853625e8afe
                                                      • Instruction Fuzzy Hash: 52916A71A0C341ABE722DB14D841BABBBE5EB89354F548C1CF9959B352E730F940CB92
                                                      Function 0034A0D0 Relevance: .3, Instructions: 282COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 023ade47e03ca1231e3a1c15c4db19fd70fd60bc0998705ac1bd43cd9b6c5f16
                                                      • Instruction ID: 986a0593b772ffb0bb3fd2ecf474d7108a531c32e09d6bdff1f650c1ed10288e
                                                      • Opcode Fuzzy Hash: 023ade47e03ca1231e3a1c15c4db19fd70fd60bc0998705ac1bd43cd9b6c5f16
                                                      • Instruction Fuzzy Hash: 77818E34248B018BD726DF28D890A2AB7F5EF59740F56896CE586CF261E731FC50CB92
                                                      Function 003364F0 Relevance: .2, Instructions: 246COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a067fd1c7727267fb452aacabb3c2ee17f14a8d07ed2e1722c60f0d1b9665ecc
                                                      • Instruction ID: 2cfdf830cb45217d027f44ac586088d8d110f682292a21b8cee436c4de1bcf1c
                                                      • Opcode Fuzzy Hash: a067fd1c7727267fb452aacabb3c2ee17f14a8d07ed2e1722c60f0d1b9665ecc
                                                      • Instruction Fuzzy Hash: DA71F637B29A904FD3168D3C9C83395AA874BD7334F3EC379A9B48B7E5D62948064340
                                                      Function 003228E9 Relevance: .2, Instructions: 244COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d573a7162e5477ce2fbddc584465a6a02d194181a4c842ecedf5978c32605316
                                                      • Instruction ID: 0456b75e43952d59bc566fe9f0a77fefe76d4f600c4fa2dc72e1e04c33a50519
                                                      • Opcode Fuzzy Hash: d573a7162e5477ce2fbddc584465a6a02d194181a4c842ecedf5978c32605316
                                                      • Instruction Fuzzy Hash: 5A6189B45183609BD312AF19E851A2BBBF0FF96750F04491CF8C58B262E33AD910CB67
                                                      Function 00327C00 Relevance: .2, Instructions: 243COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c39147a27613bfecaa36d1fe73d9463cc6fc6d73b4d0c8fed7af52b33e358a1c
                                                      • Instruction ID: 72042625b400a6ed990eeb1972238935400c82271aaf44fbdf8135024bc90c68
                                                      • Opcode Fuzzy Hash: c39147a27613bfecaa36d1fe73d9463cc6fc6d73b4d0c8fed7af52b33e358a1c
                                                      • Instruction Fuzzy Hash: 1F51CDB1618224ABDB229B24EC92BB733B8FF85364F154558F9858F390F375E801C762
                                                      Function 004BF9CC Relevance: .2, Instructions: 222COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f4984a67230d2524529f203953ace0b951231c85ec32ea4fbb52216c73ef9c5
                                                      • Instruction ID: 70d10159d45d4b547fe26aaac1b8ebc1ffa2819295c5548af6e545fd585fd1d1
                                                      • Opcode Fuzzy Hash: 1f4984a67230d2524529f203953ace0b951231c85ec32ea4fbb52216c73ef9c5
                                                      • Instruction Fuzzy Hash: 8D718CB3F516154BF3884838CD693B66683DBD4320F2F82388F59AB7C9D97E5D095284
                                                      Function 00331860 Relevance: .2, Instructions: 217COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                      • Instruction ID: 1bb0f04067524864f5881021f3e28f6bb47e9984f97d32475f41cf055bd61145
                                                      • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                      • Instruction Fuzzy Hash: 0361DE31609301ABD716CE28C9C032FBBE6ABC9351F69C92DF4998B351D370DD819781
                                                      Function 003382D0 Relevance: .2, Instructions: 215COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 751994da4476877f3aab8a046225d397b7488490cf58f7db40900abfcadffdf9
                                                      • Instruction ID: fa275bb93de90a401b386377d6b65e52d1de179136fa3ba3b803fa9e57bc91dc
                                                      • Opcode Fuzzy Hash: 751994da4476877f3aab8a046225d397b7488490cf58f7db40900abfcadffdf9
                                                      • Instruction Fuzzy Hash: 0F61372BB5AB904BD317473D5C953A66A8B1BD3330F3EC366A8F18BBE5CD6948014341
                                                      Function 003142FC Relevance: .2, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f4414538ef17dd3077a971870f9bd6cf5a563a87ac2cc2ae35c10e320aac5a1c
                                                      • Instruction ID: 211fad63ca1748bbaee714780453491886eabacf7a57912b4070479a21aad7e9
                                                      • Opcode Fuzzy Hash: f4414538ef17dd3077a971870f9bd6cf5a563a87ac2cc2ae35c10e320aac5a1c
                                                      • Instruction Fuzzy Hash: F381E1B4811B00AFD361EF39D947797BEF4AB06301F404A1DE8EA97694E7306459CBE2
                                                      Function 0033E8A0 Relevance: .2, Instructions: 189COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                      • Instruction ID: 0d8810d85d5bcb4607607444228053dcd5e2d024dde58bdcbd702126c4dc4ca5
                                                      • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                      • Instruction Fuzzy Hash: E7515CB16087548FE314DF69D49435BBBE1BBC9318F054E2DE4E987390E379DA088B82
                                                      Function 00347520 Relevance: .2, Instructions: 176COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d203830cb51f2893d8f9764c73057a11398612be59581d1c5771a0798a68fa6
                                                      • Instruction ID: 1c2748e6ab82161485f46a5a951f7babcbb70d380a2cc2da7caf02deb2f1cf3a
                                                      • Opcode Fuzzy Hash: 7d203830cb51f2893d8f9764c73057a11398612be59581d1c5771a0798a68fa6
                                                      • Instruction Fuzzy Hash: 7351063160C2009BC7169E18CC90B3EBBE6EB89355F698A2CE8D55F391D735FC108B91
                                                      Function 00305A50 Relevance: .2, Instructions: 163COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 95775b26a7827c73ac457d76227837bc9d17e3f372126c67b6163893cd35d673
                                                      • Instruction ID: 1534303757b7e8e1f53fd257465b533def47ca2816de01301798ff55c26270f6
                                                      • Opcode Fuzzy Hash: 95775b26a7827c73ac457d76227837bc9d17e3f372126c67b6163893cd35d673
                                                      • Instruction Fuzzy Hash: D751D3B5A067049FD716DF18C8A0927B7A5FF85324F16466CE8958B392D730EC42CF92
                                                      Function 0054E18D Relevance: .2, Instructions: 162COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5ab96010ca65b87de03ef9382c529b1c3f9d0119a446c7ca4401c2964cca1be7
                                                      • Instruction ID: 426a1629a0468a40d4e099e420a2d982f12f66a3102e19c0c1fb1c758fa55b2e
                                                      • Opcode Fuzzy Hash: 5ab96010ca65b87de03ef9382c529b1c3f9d0119a446c7ca4401c2964cca1be7
                                                      • Instruction Fuzzy Hash: B34166B364C30C5FE310BE39EC4563ABBD9EBD4760F16853DEA8083744FA3959058692
                                                      Function 0032EC48 Relevance: .1, Instructions: 146COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 11c62f9bd9afd02ae99e964d3fd6a8dabec4c7a5ac891dba5dd92d20f680fb98
                                                      • Instruction ID: 2506504b8d0a88c90fa9367c7649c5bb87b61ff5fa627a5bf2c308c250b28bc8
                                                      • Opcode Fuzzy Hash: 11c62f9bd9afd02ae99e964d3fd6a8dabec4c7a5ac891dba5dd92d20f680fb98
                                                      • Instruction Fuzzy Hash: 68418074900325DFDF21CF94EC91BA9B7B0FF0A350F544548E945AB3A1EB38A951CB91
                                                      Function 00349B60 Relevance: .1, Instructions: 140COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16d16049f1f6e0c4403904a2b77c8faee7fdab257892dd08858298c3323cbc82
                                                      • Instruction ID: 4eb5c4509abd8b0e98776c5c2446e1ed0ad4a720e5a97322025ba13cd2a81ef7
                                                      • Opcode Fuzzy Hash: 16d16049f1f6e0c4403904a2b77c8faee7fdab257892dd08858298c3323cbc82
                                                      • Instruction Fuzzy Hash: 69418E34608340ABD716DB15D9D0B2BBBEAEB85710F55882DF58A9F251D335FC00CB62
                                                      Function 00312030 Relevance: .1, Instructions: 136COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9715845a60cc52e37a7b275f8b66ba74458f71a948a5c8cc77d319778f05ea1b
                                                      • Instruction ID: 53f12c1252823acff9e4a18d0390491fbd3261e96d99f167ef827a3b7646ac84
                                                      • Opcode Fuzzy Hash: 9715845a60cc52e37a7b275f8b66ba74458f71a948a5c8cc77d319778f05ea1b
                                                      • Instruction Fuzzy Hash: 92410A32A183654FD35DCF2984A027ABBE1AFC9300F09862EF4D68B3D0DB748995D781
                                                      Function 00311E93 Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3c962af74c68521257e3e7681722f47bf494f6c52dcc1cf0f17006b8fa5ac17
                                                      • Instruction ID: cd9bd6fe205a421e95abbc5cad11ce201a6d7bcaff6ed1eecfa4f2fd6caf9f50
                                                      • Opcode Fuzzy Hash: a3c962af74c68521257e3e7681722f47bf494f6c52dcc1cf0f17006b8fa5ac17
                                                      • Instruction Fuzzy Hash: 0B4102745083809BD326AB54C884B1FFBF5FB8A745F144D1CF6C497292C376E8648B66
                                                      Function 00348D8A Relevance: .1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 32c3fbff7e85b4b9fb8557f0227a38a128d95ab9fbc7995ab38d8fa9381c4505
                                                      • Instruction ID: a1b8fe3df6f478b51ae8c731c95d82e211be6060f492818d50add706b24dd7bc
                                                      • Opcode Fuzzy Hash: 32c3fbff7e85b4b9fb8557f0227a38a128d95ab9fbc7995ab38d8fa9381c4505
                                                      • Instruction Fuzzy Hash: 2B41E331A0D3508FC305EF68C49052EFBE6AF9A300F0A8A1DD4D5DB2A1CB74ED018B82
                                                      Function 0031D961 Relevance: .1, Instructions: 121COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f20637759e500896bb79e177a46147bb5d2f4cb2de901e2732b0c7218982be7
                                                      • Instruction ID: 6b7fa1dda5958325d18641251646a18ddcbf5e873be868d6458f42f953cb5fa4
                                                      • Opcode Fuzzy Hash: 1f20637759e500896bb79e177a46147bb5d2f4cb2de901e2732b0c7218982be7
                                                      • Instruction Fuzzy Hash: 5041BCB16483918BD735DF14C841BAFB7B4FF9B361F040958E88A8B6A1E7758880CB53
                                                      Function 0033F030 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                      • Instruction ID: 085dd622ba5d8dfabf4b200f0f7b80ebab0e0a8e0a34f6c8cbc1ae337774fbe0
                                                      • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                      • Instruction Fuzzy Hash: F1213732D082244BC3299B1DC9C053BF7E4EB99704F46863EE8C4AB295E3359C1487E1
                                                      Function 003467EF Relevance: .1, Instructions: 101COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c6dd1d6561db28a4340c79f77a4e46e4e25b1bb43a1a041ad5f57fa632b6da44
                                                      • Instruction ID: 5cebd18d9e71eefecba02804ae06f02b1800c84ed7ffb035515785d618be9b0a
                                                      • Opcode Fuzzy Hash: c6dd1d6561db28a4340c79f77a4e46e4e25b1bb43a1a041ad5f57fa632b6da44
                                                      • Instruction Fuzzy Hash: 123113705183829AE715CF14C49162FBBF0EF96785F54580DF4C8AB261D338E985CB9A
                                                      Function 00325E70 Relevance: .1, Instructions: 99COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8398f7fc71e243456902581f46c93828136d69ea0c7260fbe16d0e6f6a5528a1
                                                      • Instruction ID: 8c23191d9a8e476ada8924950931fd16b392671169c6d929ac87a95a6136d949
                                                      • Opcode Fuzzy Hash: 8398f7fc71e243456902581f46c93828136d69ea0c7260fbe16d0e6f6a5528a1
                                                      • Instruction Fuzzy Hash: 0A21D170509220DBC312AF18D94197BB7F8EF92764F458908F4D58B291E334CA00CBA3
                                                      Function 003049A0 Relevance: .1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                      • Instruction ID: c9adb1fc4a8dbc468cd3d3089bb4571cebfc52d335de53ec6fa795e757342fc7
                                                      • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                      • Instruction Fuzzy Hash: D931EC717593009BD7129F58D8A092BB7E1EFC4358F19853CE99A8B2C1D331DD52CB46
                                                      Function 003464B8 Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: af04ece7e44c277dfa9c1602cc352e7e91c194f4d6bed5d9a12654fa28f7216b
                                                      • Instruction ID: 0c9b8fe1fc47318126ae399c855bbe09d68aa275835dae29ea6983847252c139
                                                      • Opcode Fuzzy Hash: af04ece7e44c277dfa9c1602cc352e7e91c194f4d6bed5d9a12654fa28f7216b
                                                      • Instruction Fuzzy Hash: BC214A7461C2409BCB06EF1AD491A2EFBE9FB9A745F19881CE4C59B361C335B850CB63
                                                      Function 00351184 Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f086afbb9589d89497637478e72c786b43dac36ee1aee7a18ccc5538b1507eee
                                                      • Instruction ID: 3afd9875295248afdb2fb5bf5987bb17453bc7fc946bb1e3e0b22ba35e858159
                                                      • Opcode Fuzzy Hash: f086afbb9589d89497637478e72c786b43dac36ee1aee7a18ccc5538b1507eee
                                                      • Instruction Fuzzy Hash: 51216DA524EBC5AFCB035B3008640E6BFB09C6B34431D55DBC5D21F5B3C288844AEB05
                                                      Function 00345700 Relevance: .1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16319be2c0d92ef9fdb21c17dbe4a594b6efb96165c39fd31cac94072681830b
                                                      • Instruction ID: 74dbcb471ef080d47630dd6e0016bd4fc8cb1e9d520ae4b5fafe3b35b94ba328
                                                      • Opcode Fuzzy Hash: 16319be2c0d92ef9fdb21c17dbe4a594b6efb96165c39fd31cac94072681830b
                                                      • Instruction Fuzzy Hash: F3115E7591C240EBC302AF28E845A1BBBF9EF96711F15882CE4C49F222D335E915CB93
                                                      Function 0033B650 Relevance: .1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                      • Instruction ID: ea47e68e00b27e4495c8631ba8680f187d30a32a81ed7723613edc1e359e7a0c
                                                      • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                      • Instruction Fuzzy Hash: 1811E533B051D84EC3178D3C8481565FFA31AE3274F598399F4B89B2D3D7228D8A8364
                                                      Function 00330B80 Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                      • Instruction ID: 261acf3a75a2dbcc7680924e1262b60fac441b2f1c1dcdcf9e529714d35b9ac3
                                                      • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                      • Instruction Fuzzy Hash: 8701D4F1B1134247E726DF5094F0B3BF2A86F80718F09462CE8064B342DB75EC04C2A1
                                                      Function 00351F6B Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bdf17eff18fc441677b77d3477c4cc579c5341fc1d21dd3b740d80817b705339
                                                      • Instruction ID: 63c0cf8677e0c86397bd1fde17d5b01e1aa42e32aa28d2fd06d076915dff9ebc
                                                      • Opcode Fuzzy Hash: bdf17eff18fc441677b77d3477c4cc579c5341fc1d21dd3b740d80817b705339
                                                      • Instruction Fuzzy Hash: D021C0314A92A5DFD752CF74D9E098ABBF1FF0B30034589DAC491CF5AAD764A005EB81
                                                      Function 0032D1E1 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e4878eb8a2872bfbb12c132d9a38cbac535024f505a964af515c3343c6581c53
                                                      • Instruction ID: f6bbac51af955d600a830892d265a7e30c55160415bc7c39781ea2eda3cb547e
                                                      • Opcode Fuzzy Hash: e4878eb8a2872bfbb12c132d9a38cbac535024f505a964af515c3343c6581c53
                                                      • Instruction Fuzzy Hash: 5411DBB0418380AFD3119F619494A2FFBE5EBA6714F248C0DE6A49B251C379E819CB56
                                                      Function 00306EA0 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a525307f3c9c9dd95d1e5ee3b92ba8bfc8f7afa527f558c237a02f050e74521c
                                                      • Instruction ID: 8f2d4ea5a9922f34e86f99d300d3159e1c1f7fe06f3686266bd1b115aea78194
                                                      • Opcode Fuzzy Hash: a525307f3c9c9dd95d1e5ee3b92ba8bfc8f7afa527f558c237a02f050e74521c
                                                      • Instruction Fuzzy Hash: D2F0243E71A61A0BF212CDAAE8C083BF39AD7CA364B051538EA40C3245CD72E8028190
                                                      Function 0033B8C0 Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                      • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                      • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                      • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                      Function 0035072B Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ec27ecb193188009e97c6cdd3637e4f48af199917eb127b2574a6ebe086bfec9
                                                      • Instruction ID: f490ab3d118035fedd3c54142493c10a0e49c34d23053e5311bfca5a2e5e61b8
                                                      • Opcode Fuzzy Hash: ec27ecb193188009e97c6cdd3637e4f48af199917eb127b2574a6ebe086bfec9
                                                      • Instruction Fuzzy Hash: 3201E41504D7C1BFDBAB8B3804A40E3BFB6BD4330835DA6C8C4E20E827CA12A117E384
                                                      Function 0031C5F0 Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                      • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                      • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                      • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                      Function 0031B410 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                      • Instruction ID: e34c112f313001f1eaf443bc25a488bf623d1fe84b3772681578352aa1760c17
                                                      • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                      • Instruction Fuzzy Hash: 44F0ECB16045105BDF27CA559CC0FB7FB9CCB8F354F190426F84557103D6615885C3E5
                                                      Function 00338220 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8ac43946b1542e812e61ad028816abdfae98fec7a26734ea16feb064982b6c34
                                                      • Instruction ID: 50387aae79449cde4da575b173bc9ba6bec60706386fb0d1696afa3f81b8b265
                                                      • Opcode Fuzzy Hash: 8ac43946b1542e812e61ad028816abdfae98fec7a26734ea16feb064982b6c34
                                                      • Instruction Fuzzy Hash: 3C01E4B44107009FC3A0EF29C485747BBE8EB08714F004A1DE8AECB690D770B5448B82
                                                      Function 00341440 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                      • Instruction ID: cd312361478279f162bb53d0a78ff0c3824bd57aaa4bf5e2e1248c15eb6040b2
                                                      • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                      • Instruction Fuzzy Hash: 65D0A731608721469F748E1AE400977F7F0EAC7B11F4A955EF686E725CD630EC81C2A9
                                                      Function 00311ACD Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aa9aebb1729f0b5da6da7dc26e747a1a3a78c1e290de06842c419f4631c3bdc2
                                                      • Instruction ID: e291ae22fc22915d73aa3845128862c6d7f695d26a57705a68be7c9d767acd14
                                                      • Opcode Fuzzy Hash: aa9aebb1729f0b5da6da7dc26e747a1a3a78c1e290de06842c419f4631c3bdc2
                                                      • Instruction Fuzzy Hash: 0CC01238A581018F820A8F02A895476A6BCAB0B30DB44602ADA02EB721DE20E4128909
                                                      Function 00346094 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e7a7acdb487daf5093fdb820549d26c382d521ad9ff3e27c0668e4c52a5b1a1b
                                                      • Instruction ID: 76e3d859609b1a504c23bb066039f9d822b5e1c2f31c817937674f0eed0b1dac
                                                      • Opcode Fuzzy Hash: e7a7acdb487daf5093fdb820549d26c382d521ad9ff3e27c0668e4c52a5b1a1b
                                                      • Instruction Fuzzy Hash: A6C09B34A5C200C7910DCF04D951475F3BF9B97755F24B01DC80723666D134D516951D
                                                      Function 00311A3C Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cb4ab85aa7f2a05c239afbdbc05e578a6385a5405dbc60eba32b1260149b1be0
                                                      • Instruction ID: edf4477e5602a3d85325299cb7dfea7100d76b6b735f09730d6cc34b7fdf14e0
                                                      • Opcode Fuzzy Hash: cb4ab85aa7f2a05c239afbdbc05e578a6385a5405dbc60eba32b1260149b1be0
                                                      • Instruction Fuzzy Hash: BDC04C28A590418E82498E86A891472A6AC5707308B54303A9702EB761DD60E4158509
                                                      Function 00345FD6 Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2189602977.0000000000301000.00000040.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                      • Associated: 00000000.00000002.2189584396.0000000000300000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.0000000000360000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.00000000005FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189647979.000000000060C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2189938154.000000000060D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190101335.00000000007AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.2190122174.00000000007AF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_300000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fbc662076e973cb58174ef2067750550a788461f15458cd8a090868177edf372
                                                      • Instruction ID: 77c743ec871efff71c04b9d79697eeb2abb41ed031158d763709d97e3340f11c
                                                      • Opcode Fuzzy Hash: fbc662076e973cb58174ef2067750550a788461f15458cd8a090868177edf372
                                                      • Instruction Fuzzy Hash: C7C09224B682008BA24DCF18DD51935F2BF9B8BB9AF14B02DC806A3266E134D522860C