Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1526563
MD5:	c8916aae53838af9e4dd5b25929c3011
SHA1:	137ee51345eb0ba5009f4c2f8e063dfa02d4da94
SHA256:	20c63022ebdfb3653fc44fe6a87e42dcff15a06bf396d7ff361921f0d9c38871
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6360 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C8916AAE53838AF9E4DD5B25929C3011)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["spirittunek.stor", "licendfilteo.site", "dissapoiznw.stor", "studennotediw.stor", "bathdoomgaz.stor", "eaglepawnoy.stor", "mobbipenju.stor", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:44:00.065879+0200	2054653	1	A Network Trojan was detected	192.168.2.5	49705	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:44:00.065879+0200	2049836	1	A Network Trojan was detected	192.168.2.5	49705	188.114.96.3	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:57.733408+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.5	55596	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:56.857343+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.5	56123	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:57.706846+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.5	50054	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:57.695007+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.5	52515	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:57.757952+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.5	60882	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:57.624664+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.5	65246	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:57.745624+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.5	61579	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-06T10:43:57.722814+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.5	57689	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges	URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6360.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["spirittunek.stor", "licendfilteo.site", "dissapoiznw.stor", "studennotediw.stor", "bathdoomgaz.stor", "eaglepawnoy.stor", "mobbipenju.stor", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.stor
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.stor
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.stor
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.stor
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.stor
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.stor
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005BD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005BD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_005F63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_005F695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_005F99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_005BFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_005C0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_005F4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_005B1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_005EF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_005C6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_005F6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_005DD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_005D2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_005D2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_005C42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_005BA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_005E23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_005E23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_005E23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_005E23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_005E23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_005E23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_005CD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_005F1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_005DC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_005CB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_005DE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_005F64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_005D9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_005C6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_005F7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_005B8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_005EB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_005DE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_005F7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005F5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_005F67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_005DD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_005D28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_005CD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_005F3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_005B49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_005B5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_005F4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_005C1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_005C1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_005CDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_005CDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_005F9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_005C1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_005C3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_005E0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_005DEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_005D7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_005EFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_005DCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005DCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_005DCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005F9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_005F9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_005DAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_005DAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_005DFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_005DDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005F8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_005DAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005D5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_005D7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_005C4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_005C1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_005C6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_005BBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_005B6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005EFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_005D9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_005CFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_005F5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_005B8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_005F7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_005F7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_005C6F91

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:60882 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:52515 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:55596 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:57689 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:50054 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:61579 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:65246 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:56123 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 188.114.96.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: spirittunek.stor
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: dissapoiznw.stor
Source: Malware configuration extractor	URLs: studennotediw.stor
Source: Malware configuration extractor	URLs: bathdoomgaz.stor
Source: Malware configuration extractor	URLs: eaglepawnoy.stor
Source: Malware configuration extractor	URLs: mobbipenju.stor
Source: Malware configuration extractor	URLs: clearancek.site

Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sensatinwu.buzz

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sensatinwu.buzz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sensatinwu.buzz

Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatt
Source: file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstat
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascriH
Source: file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applicat4
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&l=e
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2076057849.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094677746.0000000000F63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076057849.0000000000F62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094713048.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sensatinwu.buzz/
Source: file.exe, 00000000.00000002.2094713048.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sensatinwu.buzz/api
Source: file.exe, 00000000.00000003.2076048362.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sensatinwu.buzz/apiq
Source: file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.2075963595.0000000000F60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094677746.0000000000F63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076057849.0000000000F62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/p
Source: file.exe, 00000000.00000003.2075963595.0000000000F60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094677746.0000000000F63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076057849.0000000000F62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C0228	0_2_005C0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F4040	0_2_005F4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A	0_2_0077205A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076D024	0_2_0076D024
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B1000	0_2_005B1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C2030	0_2_005C2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005FA0D0	0_2_005FA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B5160	0_2_005B5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B71F0	0_2_005B71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BE1A0	0_2_005BE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E82D0	0_2_005E82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E12D0	0_2_005E12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B12F7	0_2_005B12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BA300	0_2_005BA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E23E0	0_2_005E23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B13A3	0_2_005B13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BB3A0	0_2_005BB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DC470	0_2_005DC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E64F0	0_2_005E64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C049B	0_2_005C049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4487	0_2_005C4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007705FB	0_2_007705FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CC5F0	0_2_005CC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B8590	0_2_005B8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B35B0	0_2_005B35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077667C	0_2_0077667C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F8652	0_2_005F8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B164F	0_2_005B164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005EF620	0_2_005EF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F86F0	0_2_005F86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073175C	0_2_0073175C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BA850	0_2_005BA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E1860	0_2_005E1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005EB8C0	0_2_005EB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083F828	0_2_0083F828
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005EE8A0	0_2_005EE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D098B	0_2_005D098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F89A0	0_2_005F89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F4A40	0_2_005F4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00778AE3	0_2_00778AE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F8A80	0_2_005F8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F7AB0	0_2_005F7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CDB6F	0_2_005CDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B7BF0	0_2_005B7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076BB91	0_2_0076BB91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00773B9F	0_2_00773B9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F8C02	0_2_005F8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DCCD0	0_2_005DCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F6CBF	0_2_005F6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D8D62	0_2_005D8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DFD10	0_2_005DFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DDD29	0_2_005DDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DAE57	0_2_005DAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F8E70	0_2_005F8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4E2A	0_2_005C4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006C4EF1	0_2_006C4EF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C6EBF	0_2_005C6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BBEB0	0_2_005BBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00737F7D	0_2_00737F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BAF10	0_2_005BAF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B8FD0	0_2_005B8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00731FEB	0_2_00731FEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F7FC0	0_2_005F7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0076EFC8	0_2_0076EFC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00684FA4	0_2_00684FA4

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 005BCAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 005CD300 appears 152 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9995294451320133
Source: file.exe	Static PE information: Section: trxxvdbn ZLIB complexity 0.9939460930295112

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_005E8220 CoCreateInstance,

0_2_005E8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 1836032 > 1048576

Source: file.exe

Static PE information: Raw size of trxxvdbn is bigger than: 0x100000 < 0x196a00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.5b0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;trxxvdbn:EW;psadlvyt:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;trxxvdbn:EW;psadlvyt:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1cc9d0 should be: 0x1c4b45

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: trxxvdbn
Source: file.exe	Static PE information: section name: psadlvyt
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push eax; mov dword ptr [esp], ebx	0_2_00772061
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push ebx; mov dword ptr [esp], edi	0_2_00772065
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push edx; mov dword ptr [esp], ebp	0_2_00772069
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 654D7FA0h; mov dword ptr [esp], ecx	0_2_0077209C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push esi; mov dword ptr [esp], 6F7DCE23h	0_2_007720B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push esi; mov dword ptr [esp], eax	0_2_007721CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push ebp; mov dword ptr [esp], 1F9B9A53h	0_2_007721D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push ebp; mov dword ptr [esp], edx	0_2_00772354
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push edi; mov dword ptr [esp], eax	0_2_007723E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push eax; mov dword ptr [esp], 672D9B2Bh	0_2_00772425
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push esi; mov dword ptr [esp], ecx	0_2_00772439
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push edx; mov dword ptr [esp], 79F3E496h	0_2_00772480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 7F09A515h; mov dword ptr [esp], ecx	0_2_007724CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push edx; mov dword ptr [esp], ebp	0_2_0077256A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 792D2AC4h; mov dword ptr [esp], eax	0_2_0077257F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push eax; mov dword ptr [esp], edx	0_2_007725CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 38C116FAh; mov dword ptr [esp], ecx	0_2_00772603
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push ecx; mov dword ptr [esp], esi	0_2_00772675
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push ecx; mov dword ptr [esp], 4925758Dh	0_2_007726E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push eax; mov dword ptr [esp], esi	0_2_007726F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push edx; mov dword ptr [esp], esi	0_2_00772784
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 0F5A6FDAh; mov dword ptr [esp], edx	0_2_00772834
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push eax; mov dword ptr [esp], edx	0_2_00772875
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 15BFBFB1h; mov dword ptr [esp], edx	0_2_007728CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 29F630F1h; mov dword ptr [esp], eax	0_2_007728ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push ebx; mov dword ptr [esp], edx	0_2_00772909
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push eax; mov dword ptr [esp], edi	0_2_0077292C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push eax; mov dword ptr [esp], esi	0_2_00772984
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 3107D921h; mov dword ptr [esp], eax	0_2_00772A04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push 386C9B96h; mov dword ptr [esp], edx	0_2_00772A42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0077205A push esi; mov dword ptr [esp], ecx	0_2_00772AFB

Source: file.exe	Static PE information: section name: entropy: 7.984616310053154
Source: file.exe	Static PE information: section name: trxxvdbn entropy: 7.953378514979776

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D725 second address: 77D748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8B7h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D748 second address: 77D78F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D51h 0x00000007 jmp 00007FC834EB3D58h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FC834EB3D56h 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D78F second address: 77D79A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FC83451D8A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D79A second address: 77D7A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D961 second address: 77D967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D967 second address: 77D96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D96F second address: 77D97D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D97D second address: 77D98C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FC834EB3D46h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77D98C second address: 77D990 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DC36 second address: 77DC3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DC3C second address: 77DC42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DC42 second address: 77DC48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DC48 second address: 77DC52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DC52 second address: 77DC56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DC56 second address: 77DC64 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DDB6 second address: 77DDBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DDBC second address: 77DDC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DDC1 second address: 77DDC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DDC7 second address: 77DDCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77DDCB second address: 77DDD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FC834EB3D46h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780EFA second address: 780F04 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC83451D8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780F04 second address: 613BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 62C75B32h 0x00000010 jmp 00007FC834EB3D4Ch 0x00000015 push dword ptr [ebp+122D11DDh] 0x0000001b mov dx, 694Ah 0x0000001f call dword ptr [ebp+122D1C06h] 0x00000025 pushad 0x00000026 pushad 0x00000027 jbe 00007FC834EB3D47h 0x0000002d cmc 0x0000002e popad 0x0000002f pushad 0x00000030 jmp 00007FC834EB3D4Eh 0x00000035 mov ebx, dword ptr [ebp+122D37DEh] 0x0000003b popad 0x0000003c xor eax, eax 0x0000003e jbe 00007FC834EB3D4Ch 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 jnp 00007FC834EB3D59h 0x0000004e jmp 00007FC834EB3D53h 0x00000053 mov dword ptr [ebp+122D3A76h], eax 0x00000059 clc 0x0000005a mov esi, 0000003Ch 0x0000005f sub dword ptr [ebp+122D36B3h], edi 0x00000065 add esi, dword ptr [esp+24h] 0x00000069 jnl 00007FC834EB3D4Dh 0x0000006f lodsw 0x00000071 jmp 00007FC834EB3D51h 0x00000076 add eax, dword ptr [esp+24h] 0x0000007a sub dword ptr [ebp+122D230Bh], ebx 0x00000080 mov ebx, dword ptr [esp+24h] 0x00000084 mov dword ptr [ebp+122D230Bh], edx 0x0000008a nop 0x0000008b jbe 00007FC834EB3D62h 0x00000091 pushad 0x00000092 jmp 00007FC834EB3D54h 0x00000097 push eax 0x00000098 push edx 0x00000099 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 780F4F second address: 780FDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8ABh 0x00000009 popad 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, edx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007FC83451D8A8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c pushad 0x0000002d sbb cl, 00000076h 0x00000030 mov edi, eax 0x00000032 popad 0x00000033 push EC0B145Fh 0x00000038 pushad 0x00000039 push esi 0x0000003a jne 00007FC83451D8A6h 0x00000040 pop esi 0x00000041 jmp 00007FC83451D8AAh 0x00000046 popad 0x00000047 add dword ptr [esp], 13F4EC21h 0x0000004e push 00000003h 0x00000050 jg 00007FC83451D8A6h 0x00000056 push 00000000h 0x00000058 push edi 0x00000059 xor dword ptr [ebp+122D279Ch], ebx 0x0000005f pop esi 0x00000060 mov ecx, eax 0x00000062 push 00000003h 0x00000064 jmp 00007FC83451D8B2h 0x00000069 push 8688116Ah 0x0000006e push edi 0x0000006f pushad 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781103 second address: 781134 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FC834EB3D51h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push esi 0x00000010 jbe 00007FC834EB3D4Ch 0x00000016 jc 00007FC834EB3D46h 0x0000001c pop esi 0x0000001d mov eax, dword ptr [eax] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781134 second address: 781138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781138 second address: 78113E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78121A second address: 781220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781220 second address: 781224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781224 second address: 78123A instructions: 0x00000000 rdtsc 0x00000002 je 00007FC83451D8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78123A second address: 781248 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781248 second address: 78126C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jl 00007FC83451D8B4h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7813CF second address: 7813D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7813D3 second address: 7813FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f jmp 00007FC83451D8AAh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7813FB second address: 781401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79FC5A second address: 79FC64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FC83451D8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79FF2E second address: 79FF3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FC834EB3D46h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79FF3A second address: 79FF40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A00D2 second address: 7A00D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A04DC second address: 7A0500 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FC83451D8AEh 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A065D second address: 7A0661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A078C second address: 7A0790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0790 second address: 7A07A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D50h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A07A4 second address: 7A07B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnp 00007FC83451D8A6h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A08E9 second address: 7A08ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A08ED second address: 7A0908 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC83451D8ABh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0908 second address: 7A092F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC834EB3D46h 0x00000008 jmp 00007FC834EB3D53h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007FC834EB3D46h 0x00000017 push edi 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A092F second address: 7A0939 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC83451D8A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 796064 second address: 79606F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 js 00007FC834EB3D46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1A4C second address: 7A1A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push edi 0x00000007 jc 00007FC83451D8A6h 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7D49 second address: 7A7D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FC834EB3D46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A7EB6 second address: 7A7EBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A65FA second address: 7A65FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ADB99 second address: 7ADB9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ADB9D second address: 7ADBAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007FC834EB3D52h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ADBAC second address: 7ADBB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ADBB2 second address: 7ADBCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FC834EB3D51h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ADBCA second address: 7ADBED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnl 00007FC83451D8AEh 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FC83451D8A6h 0x00000015 jnl 00007FC83451D8A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ADBED second address: 7ADC0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D59h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD217 second address: 7AD21D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD21D second address: 7AD223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD34C second address: 7AD37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8B2h 0x00000009 popad 0x0000000a jmp 00007FC83451D8B8h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD37F second address: 7AD38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D4Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD4CF second address: 7AD4E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a ja 00007FC83451D8A6h 0x00000010 pop edx 0x00000011 popad 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD4E6 second address: 7AD4EC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AF067 second address: 7AF06B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AF15D second address: 7AF179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC834EB3D55h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AF179 second address: 7AF17D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AF17D second address: 7AF193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FC834EB3D4Ch 0x00000010 jne 00007FC834EB3D46h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AF193 second address: 7AF19D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FC83451D8A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AFE7E second address: 7AFE8B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B085A second address: 7B0860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B130A second address: 7B130E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B1200 second address: 7B1206 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2524 second address: 7B252A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2F3A second address: 7B2F3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2F3E second address: 7B2F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B4D36 second address: 7B4D5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83451D8ABh 0x00000008 jmp 00007FC83451D8ABh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007FC83451D8A8h 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B4D5D second address: 7B4D9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007FC834EB3D59h 0x0000000f push 00000000h 0x00000011 movsx esi, si 0x00000014 push 00000000h 0x00000016 mov edi, dword ptr [ebp+122D3AB2h] 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 jl 00007FC834EB3D46h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B588B second address: 7B5912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FC83451D8A8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov edi, 27BF664Fh 0x00000029 push 00000000h 0x0000002b mov di, 8316h 0x0000002f push 00000000h 0x00000031 pushad 0x00000032 pushad 0x00000033 add dx, 577Dh 0x00000038 call 00007FC83451D8B5h 0x0000003d pop ebx 0x0000003e popad 0x0000003f xor dword ptr [ebp+1243FC60h], esi 0x00000045 popad 0x00000046 xchg eax, ebx 0x00000047 jmp 00007FC83451D8B0h 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push ebx 0x00000050 jmp 00007FC83451D8B5h 0x00000055 pop ebx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5682 second address: 7B5686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B5912 second address: 7B5918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9642 second address: 7B9655 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC834EB3D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnc 00007FC834EB3D46h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9C33 second address: 7B9C37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9C37 second address: 7B9C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9C44 second address: 7B9C49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9C49 second address: 7B9CC5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC834EB3D48h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+122D2B67h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FC834EB3D48h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov bx, 12EDh 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007FC834EB3D48h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 00000015h 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d call 00007FC834EB3D55h 0x00000052 mov bh, al 0x00000054 pop ebx 0x00000055 xchg eax, esi 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 jnc 00007FC834EB3D46h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9CC5 second address: 7B9CE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B9CE2 second address: 7B9CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BABF0 second address: 7BABF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDBD3 second address: 7BDC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b js 00007FC834EB3D46h 0x00000011 popad 0x00000012 pop edx 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007FC834EB3D48h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e push 00000000h 0x00000030 sub dword ptr [ebp+122D2BF4h], ebx 0x00000036 cld 0x00000037 push 00000000h 0x00000039 mov bx, 90B0h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 jo 00007FC834EB3D46h 0x00000047 jo 00007FC834EB3D46h 0x0000004d popad 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BCDD8 second address: 7BCDDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDC2C second address: 7BDC32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDC32 second address: 7BDC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BCE9D second address: 7BCEA7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC834EB3D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BEAA4 second address: 7BEAA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BEAA8 second address: 7BEB30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007FC834EB3D48h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 jmp 00007FC834EB3D4Ch 0x0000002b cld 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007FC834EB3D48h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 00000014h 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a mov di, cx 0x0000004d mov bx, di 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FC834EB3D57h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDDB3 second address: 7BDE4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov dword ptr [esp], eax 0x00000008 jmp 00007FC83451D8ACh 0x0000000d push dword ptr fs:[00000000h] 0x00000014 mov ebx, dword ptr [ebp+1243FD82h] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007FC83451D8A8h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 00000014h 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b mov dword ptr [ebp+124473F4h], esi 0x00000041 mov eax, dword ptr [ebp+122D11A1h] 0x00000047 push 00000000h 0x00000049 push ecx 0x0000004a call 00007FC83451D8A8h 0x0000004f pop ecx 0x00000050 mov dword ptr [esp+04h], ecx 0x00000054 add dword ptr [esp+04h], 00000018h 0x0000005c inc ecx 0x0000005d push ecx 0x0000005e ret 0x0000005f pop ecx 0x00000060 ret 0x00000061 mov ebx, 31CD88C0h 0x00000066 and bx, 6E6Ah 0x0000006b push FFFFFFFFh 0x0000006d mov edi, 75DC3523h 0x00000072 nop 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007FC83451D8B8h 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BEB30 second address: 7BEB36 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDE4F second address: 7BDE55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDE55 second address: 7BDE63 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BDE63 second address: 7BDE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC83451D8A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BFCDC second address: 7BFCE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BFCE2 second address: 7BFD89 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC83451D8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d call 00007FC83451D8B0h 0x00000012 mov di, cx 0x00000015 pop edi 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edx 0x00000027 call 00007FC83451D8A8h 0x0000002c pop edx 0x0000002d mov dword ptr [esp+04h], edx 0x00000031 add dword ptr [esp+04h], 0000001Dh 0x00000039 inc edx 0x0000003a push edx 0x0000003b ret 0x0000003c pop edx 0x0000003d ret 0x0000003e stc 0x0000003f mov eax, dword ptr [ebp+122D00F9h] 0x00000045 mov bx, si 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push ebx 0x0000004d call 00007FC83451D8A8h 0x00000052 pop ebx 0x00000053 mov dword ptr [esp+04h], ebx 0x00000057 add dword ptr [esp+04h], 00000018h 0x0000005f inc ebx 0x00000060 push ebx 0x00000061 ret 0x00000062 pop ebx 0x00000063 ret 0x00000064 sub edi, 66251085h 0x0000006a call 00007FC83451D8B7h 0x0000006f movzx ebx, dx 0x00000072 pop edi 0x00000073 push eax 0x00000074 push eax 0x00000075 push eax 0x00000076 push edx 0x00000077 push edi 0x00000078 pop edi 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1AC3 second address: 7C1B2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FC834EB3D48h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 clc 0x00000026 adc bx, 97B1h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 call 00007FC834EB3D48h 0x00000035 pop ebx 0x00000036 mov dword ptr [esp+04h], ebx 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc ebx 0x00000043 push ebx 0x00000044 ret 0x00000045 pop ebx 0x00000046 ret 0x00000047 xor di, 2469h 0x0000004c push 00000000h 0x0000004e or dword ptr [ebp+122D1BF5h], ecx 0x00000054 xchg eax, esi 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 ja 00007FC834EB3D46h 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1B2F second address: 7C1B79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FC83451D8AAh 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 jl 00007FC83451D8CEh 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FC83451D8B5h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2BD0 second address: 7C2BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC834EB3D46h 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2BE2 second address: 7C2C48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+122D2962h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007FC83451D8A8h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d mov bx, BEF6h 0x00000031 push 00000000h 0x00000033 mov dword ptr [ebp+122D295Ch], eax 0x00000039 je 00007FC83451D8ACh 0x0000003f mov edi, dword ptr [ebp+122D395Ah] 0x00000045 xchg eax, esi 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 jnc 00007FC83451D8A6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2C48 second address: 7C2C4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C2C4C second address: 7C2C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C1DBE second address: 7C1DC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4BD1 second address: 7C4BD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4BD7 second address: 7C4BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4BDC second address: 7C4BE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C3E11 second address: 7C3E17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4BE3 second address: 7C4BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FC83451D8A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4BF5 second address: 7C4BFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C4BFB second address: 7C4C4E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FC83451D8A8h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov bh, ch 0x00000025 push 00000000h 0x00000027 mov dword ptr [ebp+122D1C9Dh], ecx 0x0000002d push 00000000h 0x0000002f adc edi, 5A9E29D4h 0x00000035 xchg eax, esi 0x00000036 jmp 00007FC83451D8ADh 0x0000003b push eax 0x0000003c jc 00007FC83451D8B9h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7C28 second address: 7C7C44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC834EB3D58h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C6E8F second address: 7C6E95 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C8C83 second address: 7C8C87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C8C87 second address: 7C8C8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C7E63 second address: 7C7E6D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC834EB3D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C8C8B second address: 7C8CA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FC83451D8ACh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CAF41 second address: 7CAF70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D56h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e jmp 00007FC834EB3D4Dh 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC93A second address: 7CC93E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7CC93E second address: 7CC950 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D35A7 second address: 7D35B9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC83451D8A8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FC83451D8A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8F49 second address: 7D8F7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D56h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FC834EB3D4Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007FC834EB3D46h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D8F7A second address: 7D8F7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D961D second address: 7D9621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9621 second address: 7D9627 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9627 second address: 7D962B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D97D2 second address: 7D97D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E0667 second address: 7E066B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF91A second address: 7DF92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8AAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF92A second address: 7DF92F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DF92F second address: 7DF93F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007FC83451D8A6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E1BBB second address: 7E1BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6A31 second address: 7B6A36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6A36 second address: 7B6ABB instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC834EB3D4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FC834EB3D48h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 lea eax, dword ptr [ebp+124767DCh] 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007FC834EB3D48h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 00000016h 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 pushad 0x00000048 clc 0x00000049 add ebx, dword ptr [ebp+122D38AAh] 0x0000004f popad 0x00000050 or dword ptr [ebp+1246E3D7h], edx 0x00000056 nop 0x00000057 push eax 0x00000058 jmp 00007FC834EB3D51h 0x0000005d pop eax 0x0000005e push eax 0x0000005f push edi 0x00000060 jg 00007FC834EB3D4Ch 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6ABB second address: 796064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 nop 0x00000006 xor cx, 1FF8h 0x0000000b call dword ptr [ebp+122D2BA6h] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FC83451D8B0h 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d popad 0x0000001e push esi 0x0000001f jmp 00007FC83451D8AFh 0x00000024 pop esi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6F0A second address: 7B6F27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC834EB3D4Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B6F27 second address: 613BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jno 00007FC83451D8B2h 0x0000000c nop 0x0000000d add dword ptr [ebp+122D1872h], eax 0x00000013 push dword ptr [ebp+122D11DDh] 0x00000019 ja 00007FC83451D8A7h 0x0000001f call dword ptr [ebp+122D1C06h] 0x00000025 pushad 0x00000026 pushad 0x00000027 jbe 00007FC83451D8A7h 0x0000002d cmc 0x0000002e popad 0x0000002f pushad 0x00000030 jmp 00007FC83451D8AEh 0x00000035 mov ebx, dword ptr [ebp+122D37DEh] 0x0000003b popad 0x0000003c xor eax, eax 0x0000003e jbe 00007FC83451D8ACh 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 jnp 00007FC83451D8B9h 0x0000004e jmp 00007FC83451D8B3h 0x00000053 mov dword ptr [ebp+122D3A76h], eax 0x00000059 clc 0x0000005a mov esi, 0000003Ch 0x0000005f sub dword ptr [ebp+122D36B3h], edi 0x00000065 add esi, dword ptr [esp+24h] 0x00000069 jnl 00007FC83451D8ADh 0x0000006f lodsw 0x00000071 jmp 00007FC83451D8B1h 0x00000076 add eax, dword ptr [esp+24h] 0x0000007a sub dword ptr [ebp+122D230Bh], ebx 0x00000080 mov ebx, dword ptr [esp+24h] 0x00000084 mov dword ptr [ebp+122D230Bh], edx 0x0000008a nop 0x0000008b jbe 00007FC83451D8C2h 0x00000091 pushad 0x00000092 jmp 00007FC83451D8B4h 0x00000097 push eax 0x00000098 push edx 0x00000099 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B705F second address: 7B7063 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7063 second address: 7B7080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FC83451D8A8h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jng 00007FC83451D8A6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7080 second address: 7B7086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7086 second address: 7B70A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FC83451D8ACh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B70A8 second address: 7B70C5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC834EB3D4Ch 0x00000008 jnp 00007FC834EB3D46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jl 00007FC834EB3D4Eh 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B71BB second address: 7B71C0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B71C0 second address: 7B71D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FC834EB3D46h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B71D2 second address: 7B71E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B71E4 second address: 7B71EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7295 second address: 7B729B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B752B second address: 7B752F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7BEB second address: 7B7BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7BF0 second address: 7B7BF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D39 second address: 7B7D8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c movsx edx, cx 0x0000000f lea eax, dword ptr [ebp+12476820h] 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007FC83451D8A8h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Ch 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f sbb edi, 0ED50BBBh 0x00000035 nop 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FC83451D8AAh 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D8C second address: 7B7DA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FC834EB3D46h 0x00000009 jl 00007FC834EB3D46h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7DA3 second address: 7B7DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FC83451D8AEh 0x0000000a popad 0x0000000b nop 0x0000000c jmp 00007FC83451D8B1h 0x00000011 movzx ecx, si 0x00000014 lea eax, dword ptr [ebp+124767DCh] 0x0000001a mov dword ptr [ebp+124473F4h], ecx 0x00000020 nop 0x00000021 js 00007FC83451D8B2h 0x00000027 jnp 00007FC83451D8ACh 0x0000002d push eax 0x0000002e pushad 0x0000002f jmp 00007FC83451D8AAh 0x00000034 pushad 0x00000035 push eax 0x00000036 pop eax 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7DFC second address: 796AF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jnc 00007FC834EB3D4Bh 0x0000000d call dword ptr [ebp+122D26E2h] 0x00000013 push esi 0x00000014 jmp 00007FC834EB3D57h 0x00000019 pushad 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 796AF6 second address: 796AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E52C7 second address: 7E5327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FC834EB3D57h 0x0000000a jmp 00007FC834EB3D4Ch 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jg 00007FC834EB3D46h 0x00000019 jp 00007FC834EB3D46h 0x0000001f jmp 00007FC834EB3D56h 0x00000024 popad 0x00000025 jmp 00007FC834EB3D51h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5327 second address: 7E533B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC83451D8AAh 0x00000008 jo 00007FC83451D8B2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E533B second address: 7E5341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E546E second address: 7E5474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5474 second address: 7E549E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D4Eh 0x00000009 popad 0x0000000a jg 00007FC834EB3D48h 0x00000010 pushad 0x00000011 jmp 00007FC834EB3D4Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E549E second address: 7E54B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8AFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5882 second address: 7E588B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E588B second address: 7E589D instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC83451D8A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007FC83451D8ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E589D second address: 7E58A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5A27 second address: 7E5A34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnl 00007FC83451D8A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5A34 second address: 7E5A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007FC834EB3D54h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007FC834EB3D4Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E5B97 second address: 7E5B9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EF49E second address: 7EF4BB instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC834EB3D48h 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b je 00007FC834EB3D46h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EE10A second address: 7EE11F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FC83451D8A6h 0x0000000f js 00007FC83451D8A6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EE5E1 second address: 7EE5FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D4Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jnp 00007FC834EB3D46h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EEA6B second address: 7EEA6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EEA6F second address: 7EEA7D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC834EB3D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EEA7D second address: 7EEA81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EEA81 second address: 7EEA8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EEA8D second address: 7EEA92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EEA92 second address: 7EEA9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007FC834EB3D46h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7EEBC4 second address: 7EEBCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4817 second address: 7F4847 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FC834EB3D6Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC834EB3D55h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4E50 second address: 7F4E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4FAA second address: 7F4FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC834EB3D46h 0x0000000a popad 0x0000000b pop edi 0x0000000c jo 00007FC834EB3D58h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F44E1 second address: 7F450C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8AAh 0x00000009 jp 00007FC83451D8AEh 0x0000000f jl 00007FC83451D8A8h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F450C second address: 7F452D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FC834EB3D52h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F452D second address: 7F4546 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 popad 0x0000000a pushad 0x0000000b jne 00007FC83451D8A6h 0x00000011 jnl 00007FC83451D8A6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4546 second address: 7F454C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F5236 second address: 7F5251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8B4h 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776B4C second address: 776B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776B50 second address: 776B7E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC83451D8A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FC83451D8B8h 0x00000014 jp 00007FC83451D8A6h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776B7E second address: 776B99 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC834EB3D4Eh 0x00000008 pushad 0x00000009 jbe 00007FC834EB3D46h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FB3D9 second address: 7FB3DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FB3DE second address: 7FB3F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC834EB3D53h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FB3F7 second address: 7FB3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FB3FB second address: 7FB3FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FB844 second address: 7FB848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FB848 second address: 7FB851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF1FC second address: 7FF21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8B5h 0x00000009 pop edi 0x0000000a pushad 0x0000000b jp 00007FC83451D8A6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF21F second address: 7FF237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC834EB3D4Bh 0x0000000c jo 00007FC834EB3D46h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF237 second address: 7FF250 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FC83451D8ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF250 second address: 7FF26A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D55h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF26A second address: 7FF272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF272 second address: 7FF278 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF3B9 second address: 7FF3BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF3BD second address: 7FF3D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF3D6 second address: 7FF3DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF3DF second address: 7FF3EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jbe 00007FC834EB3D4Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF3EF second address: 7FF3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7FF3FB second address: 7FF3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805BBD second address: 805BC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805BC1 second address: 805BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 804C44 second address: 804C48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B76EE second address: 7B76F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B76F4 second address: 7B76F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 804EE0 second address: 804EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8081AD second address: 8081B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8081B1 second address: 8081D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D55h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FC834EB3D46h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808355 second address: 808359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808359 second address: 80838D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC834EB3D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jl 00007FC834EB3D52h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC834EB3D51h 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80838D second address: 808391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808391 second address: 808397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808397 second address: 8083AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jp 00007FC83451D8A6h 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8083AB second address: 8083AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80850E second address: 808521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FC83451D8ACh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808521 second address: 808526 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808526 second address: 808541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jng 00007FC83451D8A6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FC83451D8A6h 0x00000015 jns 00007FC83451D8A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808839 second address: 808843 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC834EB3D4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 808843 second address: 80884F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC83451D8B7h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80BB45 second address: 80BB4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80BB4E second address: 80BB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8ACh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80BFD4 second address: 80BFD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80C152 second address: 80C158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80C2A1 second address: 80C2A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81282A second address: 812835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 812835 second address: 81283B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81283B second address: 81283F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8129A6 second address: 8129B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnc 00007FC834EB3D4Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8129B7 second address: 8129E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B6h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC83451D8ADh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8129E0 second address: 8129F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007FC834EB3D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813359 second address: 8133A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC83451D8A6h 0x0000000a jnp 00007FC83451D8A6h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jmp 00007FC83451D8B4h 0x00000018 pop ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b jnc 00007FC83451D8BDh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8133A0 second address: 8133A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8133A8 second address: 8133AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813681 second address: 813685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813685 second address: 813689 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776B8A second address: 776B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jbe 00007FC834EB3D46h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813F46 second address: 813F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813F58 second address: 813F5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 813F5C second address: 813F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76CB4D second address: 76CB78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D4Ah 0x00000009 jmp 00007FC834EB3D51h 0x0000000e popad 0x0000000f jne 00007FC834EB3D48h 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819B35 second address: 819B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007FC83451D8ABh 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f ja 00007FC83451D8A6h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 push ecx 0x00000019 jmp 00007FC83451D8ADh 0x0000001e push esi 0x0000001f pop esi 0x00000020 pop ecx 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 jg 00007FC83451D8AEh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819B75 second address: 819B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819B7D second address: 819B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819CDF second address: 819CE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819CE3 second address: 819CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FC83451D8ACh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819CF5 second address: 819D12 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC834EB3D4Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC834EB3D4Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 819D12 second address: 819D18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A1EB second address: 81A219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FC834EB3D4Fh 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC834EB3D4Eh 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A219 second address: 81A21D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81A365 second address: 81A36F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC834EB3D46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 778684 second address: 778688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 778688 second address: 7786A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D53h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 828BAC second address: 828BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826F21 second address: 826F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c jc 00007FC834EB3D46h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826F34 second address: 826F3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826F3A second address: 826F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8274BE second address: 8274C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 827630 second address: 827648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC834EB3D53h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 827648 second address: 82766E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jo 00007FC83451D8B4h 0x00000010 jmp 00007FC83451D8AEh 0x00000015 jl 00007FC83451D8ACh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82766E second address: 827680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC834EB3D48h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 827680 second address: 827684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8277BB second address: 8277C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8277C1 second address: 8277C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8277C6 second address: 8277CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8277CC second address: 8277D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82691E second address: 826923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826923 second address: 826974 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83451D8B7h 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop edi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC83451D8B6h 0x00000018 jmp 00007FC83451D8B6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826974 second address: 826978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826978 second address: 82697E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82697E second address: 826990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FC834EB3D4Ch 0x0000000c jnp 00007FC834EB3D46h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826990 second address: 826998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82EDC3 second address: 82EE26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FC834EB3D76h 0x0000000c jmp 00007FC834EB3D52h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC834EB3D52h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B99F second address: 83B9A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B4A5 second address: 83B4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B4AD second address: 83B4B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B4B1 second address: 83B4B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B4B7 second address: 83B4CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83451D8AFh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83B4CC second address: 83B4E0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC834EB3D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jns 00007FC834EB3D46h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F4EB second address: 83F4EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F4EF second address: 83F4F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F4F5 second address: 83F513 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC83451D8AEh 0x00000008 push eax 0x00000009 pop eax 0x0000000a jc 00007FC83451D8A6h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 je 00007FC83451D8D2h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 83F513 second address: 83F517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844F0B second address: 844F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 844F15 second address: 844F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D51h 0x00000009 push edx 0x0000000a pop edx 0x0000000b jng 00007FC834EB3D46h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8496C7 second address: 8496CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 858B9A second address: 858BB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC834EB3D54h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 858BB4 second address: 858BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 858E3F second address: 858E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 859414 second address: 859418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85954C second address: 859550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85A02E second address: 85A032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85CF6B second address: 85CF9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC834EB3D53h 0x0000000d jmp 00007FC834EB3D57h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85CF9D second address: 85CFA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85CFA1 second address: 85CFAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85CB2B second address: 85CB37 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 85CB37 second address: 85CB43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FC834EB3D46h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86037A second address: 8603AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83451D8B8h 0x00000009 jmp 00007FC83451D8AFh 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push edi 0x00000012 push esi 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8603AD second address: 8603B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8603B2 second address: 8603C6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC83451D8AEh 0x00000008 jc 00007FC83451D8A6h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8603C6 second address: 8603CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8603CA second address: 8603CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86BA36 second address: 86BA3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86BA3C second address: 86BA45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 86BA45 second address: 86BA65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC834EB3D57h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87D577 second address: 87D57B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87D57B second address: 87D598 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC834EB3D5Fh 0x00000008 jmp 00007FC834EB3D53h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 87D598 second address: 87D5AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC83451D8AEh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 88045C second address: 880461 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 880146 second address: 880173 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC83451D8AFh 0x0000000c jng 00007FC83451D8A6h 0x00000012 jmp 00007FC83451D8B0h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 897E7F second address: 897E89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FC834EB3D46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8982CA second address: 898318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FC83451D8BDh 0x0000000c jmp 00007FC83451D8B7h 0x00000011 popad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC83451D8B5h 0x0000001a jmp 00007FC83451D8B2h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8984D9 second address: 8984E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898ABB second address: 898ADE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FC83451D8B6h 0x0000000a pop esi 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 898ADE second address: 898B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC834EB3D46h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007FC834EB3D54h 0x00000017 jnc 00007FC834EB3D46h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89A657 second address: 89A671 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83451D8B4h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D1BF second address: 89D1CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FC834EB3D4Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D1CC second address: 89D1EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC83451D8B5h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89D1EA second address: 89D1F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 89FE97 second address: 89FE9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A0157 second address: 8A0175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 jmp 00007FC834EB3D4Ch 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A0175 second address: 8A017B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A1AF8 second address: 8A1B12 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FC834EB3D71h 0x0000000e jbe 00007FC834EB3D48h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push esi 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A1B12 second address: 8A1B16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A1606 second address: 8A160C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A160C second address: 8A1611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8A34E9 second address: 8A3500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC834EB3D4Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B230C second address: 7B231D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007FC83451D8A6h 0x00000011 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 613BFE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 613B50 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7CC97F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 83553D instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 1680

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2094677746.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094677746.0000000000F63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076057849.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076057849.0000000000F62000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2094545265.0000000000F0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@h
Source: file.exe, 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_005F5BB0 LdrInitializeThunk,

0_2_005F5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor

Source: file.exe, file.exe, 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: *Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.ZPACK.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
steamcommunity.com	0%	Virustotal	Browse
sensatinwu.buzz	0%	Virustotal	Browse
bathdoomgaz.store	1%	Virustotal	Browse
spirittunek.store	1%	Virustotal	Browse
clearancek.site	1%	Virustotal	Browse
dissapoiznw.store	1%	Virustotal	Browse
mobbipenju.store	1%	Virustotal	Browse
studennotediw.store	1%	Virustotal	Browse
eaglepawnoy.store	1%	Virustotal	Browse
licendfilteo.site	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/badges	100%	URL Reputation	malware
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp	0%	Virustotal		Browse
https://steamcommunity.com/my/wishlist/	0%	Virustotal		Browse
https://steamcommunity.com/market/	0%	Virustotal		Browse
https://steamcommunity.com/discussions/	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&l=e	0%	Virustotal		Browse
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	0%	Virustotal		Browse
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	0%	Virustotal		Browse
https://steamcommunity.com/?subsection=broadcasts	0%	Virustotal		Browse
clearancek.site	1%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz	0%	Virustotal		Browse
https://steamcommunity.com/workshop/	0%	Virustotal		Browse
licendfilteo.site	1%	Virustotal		Browse
https://sensatinwu.buzz/	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	0%	Virustotal		Browse
https://steamcommunity.com/p	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	Virustotal		Browse
https://sensatinwu.buzz/api	0%	Virustotal		Browse
https://steamcommunity.com/	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
steamcommunity.com	104.102.49.254	true	false	0%, Virustotal, Browse	unknown
sensatinwu.buzz	188.114.96.3	true	true	0%, Virustotal, Browse	unknown
eaglepawnoy.store	unknown	unknown	false	1%, Virustotal, Browse	unknown
bathdoomgaz.store	unknown	unknown	false	1%, Virustotal, Browse	unknown
spirittunek.store	unknown	unknown	false	1%, Virustotal, Browse	unknown
licendfilteo.site	unknown	unknown	true	1%, Virustotal, Browse	unknown
studennotediw.store	unknown	unknown	false	1%, Virustotal, Browse	unknown
mobbipenju.store	unknown	unknown	false	1%, Virustotal, Browse	unknown
clearancek.site	unknown	unknown	true	1%, Virustotal, Browse	unknown
dissapoiznw.store	unknown	unknown	false	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
studennotediw.stor	true		unknown
spirittunek.stor	true		unknown
eaglepawnoy.stor	true		unknown
clearancek.site	true	1%, Virustotal, Browse	unknown
mobbipenju.stor	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
licendfilteo.site	true	1%, Virustotal, Browse	unknown
bathdoomgaz.stor	true		unknown
https://sensatinwu.buzz/api	true	0%, Virustotal, Browse	unknown
dissapoiznw.stor	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sensatinwu.buzz/apiq	file.exe, 00000000.00000003.2076048362.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applicat4	file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&l=e	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://sensatinwu.buzz/	file.exe, 00000000.00000003.2076057849.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094677746.0000000000F63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076057849.0000000000F62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094713048.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstat	file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.akamai.steamstatt	file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/p	file.exe, 00000000.00000003.2075963595.0000000000F60000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094677746.0000000000F63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076057849.0000000000F62000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094750682.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://community.akamai.steamstatic.com/public/javascriH	file.exe, 00000000.00000003.2076037968.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076150417.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/badges	file.exe, 00000000.00000003.2076150417.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075963595.0000000000F49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075939636.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.96.3	sensatinwu.buzz	European Union		13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1526563
Start date and time:	2024-10-06 10:43:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:43:56	API Interceptor	1x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.3	c1#U09a6.exe	Get hash	malicious	Unknown	Browse	winfileshare.com/ticket_line/llb.php
	QUOTATION_OCTQTRA071244PDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/eZFzMENr/download
	QUOTATION_OCTQTRA071244PDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/eZFzMENr/download
	1tstvk3Sls.exe	Get hash	malicious	RHADAMANTHYS	Browse	microsoft-rage.world/Api/v3/qjqzqiiqayjq
	http://Asm.alcateia.org	Get hash	malicious	HTMLPhisher	Browse	asm.alcateia.org/
	hbwebdownload - MT 103.exe	Get hash	malicious	FormBook	Browse	www.j88.travel/c24t/?Edg8Tp=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+lW3g3vOrk23&iL30=-ZRd9JBXfLe8q2J
	z4Shipping_document_pdf.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/g48c/
	update SOA.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/5hcm/
	docs.exe	Get hash	malicious	FormBook	Browse	www.j88.travel/c24t/?I6=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+la3znjNy02hfQbCEg==&AL0=9rN46F
	https://wwvmicrosx.live/office365/office_cookies/main	Get hash	malicious	HTMLPhisher	Browse	wwvmicrosx.live/office365/office_cookies/main/
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Confirm Me.exe	Get hash	malicious	STRRAT	Browse	104.20.3.235
	PInstaller.exe	Get hash	malicious	STRRAT	Browse	104.20.3.235
	file.exe	Get hash	malicious	LummaC	Browse	172.67.151.30
	updater.exe	Get hash	malicious	Xmrig	Browse	172.67.162.29
	file.exe	Get hash	malicious	LummaC	Browse	172.67.151.30
	http://www.grandsignatureyercaud.com/	Get hash	malicious	Unknown	Browse	104.21.51.144
	http://www.nesianlife.com/	Get hash	malicious	Unknown	Browse	104.18.39.195
	https://daf2019.com/8/02	Get hash	malicious	Unknown	Browse	172.65.190.172
	https://wtm.entree-plat-dessert.com/r/eNqtj01vgkAQhn8NvVXcL1gOplGBqgUraGrx0gC7iquAwqLVX99Ve2iT9ubMHN6ZyeSd56hbEBqA6oCbGCPCAQM0phBhC7IUJHBp4phQznVAEdGxSfQEotRYwjYyKWMGQTFoQwMCK4mxCmupt1U2+lPTyaTc1RrqatBVxVmLF7Li/HG3jeUj43XNK9lKy/yyRy7nGrJv32jQUHf2UdkpuVfSXC6C9bAo5mAqNzN3IcLBoB0KacxNSptTOZpGXmrlfX/q7OFn8n7yUEaceiRW/VPoRudGgwT2crMOCCGr4Xl86V1zIgp5juC1sfd2lCXe8KU7Pryth8GiG+RWUUQEilF2skVEzh6ejS3PwcBeGTPfB5zNXTo5YPHsrF+vDscJq+zellaxHwrkrW62I0kdAcp+Qvz5oCw3ySY+bGyF1sj8oy6bKr2wF9vvSc7ZusnVJOMx49UDSzt34P9N/4P9DuR/cP9H/QVY0sGG	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://blmphilly.com/	Get hash	malicious	Unknown	Browse	172.66.0.227
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 188.114.96.3

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947667301065339
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'836'032 bytes
MD5:	c8916aae53838af9e4dd5b25929c3011
SHA1:	137ee51345eb0ba5009f4c2f8e063dfa02d4da94
SHA256:	20c63022ebdfb3653fc44fe6a87e42dcff15a06bf396d7ff361921f0d9c38871
SHA512:	f82bf17e928acdef01a586d2796d1c5b503f1a8326167fd195fcbb4b3d03f17cfacc8a502418a276d9b8c9c1e72da5a9c6e07c896017de0e7d4868ee4d18f1a6
SSDEEP:	49152:VfvQfcgy9NcMEkIda8tRp42GeLqf/ZpN:R/gyr12aw45eGf/
TLSH:	58853310A23D587FE5CE52B3114E537DE2E10E2A7A54705BDF23A97E614F80E34B1AB8
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................PI...........@...........................I...........@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x895000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FC834F399DAh
psrad mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	accfa2f8ab08d4414d50856f02b36a24	False	0.9995294451320133	data	7.984616310053154	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x60000	0x29d000	0x200	f563be2fc00b066e15e06dd18793584d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
trxxvdbn	0x2fd000	0x197000	0x196a00	d76cbcbb81180ea5caae0325868c8320	False	0.9939460930295112	data	7.953378514979776	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
psadlvyt	0x494000	0x1000	0x600	26dd9c8d0e3670d9de5d5d8dabe725ad	False	0.5826822916666666	data	5.085239526829499	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x495000	0x3000	0x2200	59c2056db01d99d9101b6e5458f463d7	False	0.07295496323529412	DOS executable (COM)	0.9427273502678457	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-06T10:43:56.857343+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.5	56123	1.1.1.1	53	UDP
2024-10-06T10:43:57.624664+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.5	65246	1.1.1.1	53	UDP
2024-10-06T10:43:57.695007+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.5	52515	1.1.1.1	53	UDP
2024-10-06T10:43:57.706846+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.5	50054	1.1.1.1	53	UDP
2024-10-06T10:43:57.722814+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.5	57689	1.1.1.1	53	UDP
2024-10-06T10:43:57.733408+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.5	55596	1.1.1.1	53	UDP
2024-10-06T10:43:57.745624+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.5	61579	1.1.1.1	53	UDP
2024-10-06T10:43:57.757952+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.5	60882	1.1.1.1	53	UDP
2024-10-06T10:44:00.065879+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49705	188.114.96.3	443	TCP
2024-10-06T10:44:00.065879+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	188.114.96.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2024 10:43:57.804502010 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:57.804538965 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:57.804699898 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:57.805706024 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:57.805727005 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.477006912 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.477133036 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.480880022 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.480900049 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.481420994 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.526150942 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.537293911 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.579421043 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.968300104 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.968350887 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.968502045 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.968502998 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.968519926 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.968542099 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.968590975 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.968617916 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:58.968651056 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.968651056 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.968651056 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:58.968683004 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.068048954 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.068110943 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.068357944 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.068357944 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.068389893 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.068459034 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.073565006 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.073635101 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.073782921 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.073847055 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.073857069 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.073998928 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.074048996 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.074609995 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.074630022 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.074645042 CEST	49704	443	192.168.2.5	104.102.49.254
Oct 6, 2024 10:43:59.074651003 CEST	443	49704	104.102.49.254	192.168.2.5
Oct 6, 2024 10:43:59.090253115 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:43:59.090322018 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:43:59.090409994 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:43:59.090790987 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:43:59.090821028 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:43:59.580157995 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:43:59.580467939 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:43:59.582922935 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:43:59.582977057 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:43:59.583400011 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:43:59.584945917 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:43:59.584991932 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:43:59.585076094 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:44:00.065845013 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:44:00.065954924 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:44:00.066132069 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:44:00.066879988 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:44:00.066943884 CEST	443	49705	188.114.96.3	192.168.2.5
Oct 6, 2024 10:44:00.067027092 CEST	49705	443	192.168.2.5	188.114.96.3
Oct 6, 2024 10:44:00.067047119 CEST	443	49705	188.114.96.3	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 6, 2024 10:43:56.857342958 CEST	56123	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.618436098 CEST	53	56123	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.624664068 CEST	65246	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.654746056 CEST	53	65246	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.695007086 CEST	52515	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.705060005 CEST	53	52515	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.706845999 CEST	50054	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.716011047 CEST	53	50054	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.722814083 CEST	57689	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.731739044 CEST	53	57689	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.733407974 CEST	55596	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.742486000 CEST	53	55596	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.745624065 CEST	61579	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.754226923 CEST	53	61579	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.757951975 CEST	60882	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.766473055 CEST	53	60882	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:57.780620098 CEST	64174	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:57.788106918 CEST	53	64174	1.1.1.1	192.168.2.5
Oct 6, 2024 10:43:59.076356888 CEST	49431	53	192.168.2.5	1.1.1.1
Oct 6, 2024 10:43:59.089487076 CEST	53	49431	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 6, 2024 10:43:56.857342958 CEST	192.168.2.5	1.1.1.1	0x221d	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.624664068 CEST	192.168.2.5	1.1.1.1	0xff6b	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.695007086 CEST	192.168.2.5	1.1.1.1	0x9b52	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.706845999 CEST	192.168.2.5	1.1.1.1	0x6b86	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.722814083 CEST	192.168.2.5	1.1.1.1	0xeb52	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.733407974 CEST	192.168.2.5	1.1.1.1	0xd9de	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.745624065 CEST	192.168.2.5	1.1.1.1	0x5626	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.757951975 CEST	192.168.2.5	1.1.1.1	0xb0b0	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.780620098 CEST	192.168.2.5	1.1.1.1	0x6848	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:59.076356888 CEST	192.168.2.5	1.1.1.1	0xb352	Standard query (0)	sensatinwu.buzz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 6, 2024 10:43:57.618436098 CEST	1.1.1.1	192.168.2.5	0x221d	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.654746056 CEST	1.1.1.1	192.168.2.5	0xff6b	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.705060005 CEST	1.1.1.1	192.168.2.5	0x9b52	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.716011047 CEST	1.1.1.1	192.168.2.5	0x6b86	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.731739044 CEST	1.1.1.1	192.168.2.5	0xeb52	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.742486000 CEST	1.1.1.1	192.168.2.5	0xd9de	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.754226923 CEST	1.1.1.1	192.168.2.5	0x5626	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.766473055 CEST	1.1.1.1	192.168.2.5	0xb0b0	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:57.788106918 CEST	1.1.1.1	192.168.2.5	0x6848	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:59.089487076 CEST	1.1.1.1	192.168.2.5	0xb352	No error (0)	sensatinwu.buzz		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 6, 2024 10:43:59.089487076 CEST	1.1.1.1	192.168.2.5	0xb352	No error (0)	sensatinwu.buzz		188.114.97.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sensatinwu.buzz

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.102.49.254	443	6360	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 08:43:58 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-06 08:43:58 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sun, 06 Oct 2024 08:43:58 GMT Content-Length: 34827 Connection: close Set-Cookie: sessionid=e8715db59ab58234adcc530b; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-06 08:43:58 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-06 08:43:59 UTC	16384	IN	Data Raw: 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 Data Ascii: t type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_he
2024-10-06 08:43:59 UTC	3768	IN	Data Raw: 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f Data Ascii: lass="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { InitPro
2024-10-06 08:43:59 UTC	161	IN	Data Raw: 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: w mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	188.114.96.3	443	6360	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-06 08:43:59 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sensatinwu.buzz
2024-10-06 08:43:59 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-06 08:44:00 UTC	768	IN	HTTP/1.1 200 OK Date: Sun, 06 Oct 2024 08:44:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qhug0iviqnma0h25d0fg7obkkg; expires=Thu, 30 Jan 2025 02:30:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rN0SWIf6tXC%2F5K1dZasJEBNfKEM2EqLr9M13RYCbAs8jbSFrkz%2F9GiD4xs3DoWXUdeo44IF9m3wqIplh7wyMuF3uRXH%2BOlLs0HsEGXqkssXnNmB7pQypNw9XV5dTiH5ZiHw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ce45df1edbf4204-EWR
2024-10-06 08:44:00 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-06 08:44:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	04:43:54
Start date:	06/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x5b0000
File size:	1'836'032 bytes
MD5 hash:	C8916AAE53838AF9E4DD5B25929C3011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	66.7%
Total number of Nodes:	36
Total number of Limit Nodes:	4

Executed Functions

Function 005BFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

VY^_, xrefs: 005BFDFF
t, xrefs: 005BFCBE
V, xrefs: 005BFEDC
J|BJ, xrefs: 005C000D

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: ba641d0435f0d2f0a78f624336688ca5ca560bf41a9c3fe6d73d11f3a620bd88
Instruction ID: b105d59193cd874177be819bc631bd280aab3d2a3b7942fae8693009689e68bb
Opcode Fuzzy Hash: ba641d0435f0d2f0a78f624336688ca5ca560bf41a9c3fe6d73d11f3a620bd88
Instruction Fuzzy Hash: E0D165745083809FD311DF588894B6FBFE2BB92B48F58881CE4C99B252C736DD49DB92

Function 005BD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 005BD2F1

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: a1016c5a96fd85d1b67ef48b44be28d1aba4d42333e709e8f95edca526eb47f7
Instruction ID: cd77a41011fe3075221340a07167fe0de06a19c29c78aadd346290b995bd7801
Opcode Fuzzy Hash: a1016c5a96fd85d1b67ef48b44be28d1aba4d42333e709e8f95edca526eb47f7
Instruction Fuzzy Hash: 4141217450D380ABD601AB68D689A2EFFF5AF92744F148C1CE5C497252E33AE8109B67

Function 005F5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(005F973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 005F5BDE

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 005F695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 005F69C5

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4120b7f009804a79037107f4620b6a15487480de3b03eb4e0e09f5aeba76146a
Instruction ID: ed05c3c05bf3f26975d2d18a819d3776e650f8d40cad8f05370c4a5f6b58ebcf
Opcode Fuzzy Hash: 4120b7f009804a79037107f4620b6a15487480de3b03eb4e0e09f5aeba76146a
Instruction Fuzzy Hash: 413196B05083059FD718DF28C8A063BBBF2FF84344F48981CE6C6972A1E3399904CB56

Function 005C049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b301305098423182863baed974a946d06257363e7794797ea3cd43dba0a4477e
Instruction ID: bd3520848a7fc34cddc693cb6a0d6746056c05ef645fb5553ff30cedc4124fef
Opcode Fuzzy Hash: b301305098423182863baed974a946d06257363e7794797ea3cd43dba0a4477e
Instruction Fuzzy Hash: 81916B75200701DFD7248F25E894B27B7FAFF89314B118A6CE956C7AA1DB34E819CB50

Function 005C0228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e899de804908a7820f29715073e27bc36527e8ae5b4db77dd26bd83163e88e
Instruction ID: bcc664c0ad2f76961d38e65b256f2def2318f17731ba4d889b2c380e7703ff43
Opcode Fuzzy Hash: 74e899de804908a7820f29715073e27bc36527e8ae5b4db77dd26bd83163e88e
Instruction Fuzzy Hash: CC717B74201701DFD7248F61E898B27BBFAFF49314F10896CE946C7AA2DB35A819DB50

Function 005F99D0 Relevance: .1, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8ed301512776bf4a0d8207ff9e3129193e1e10340249e9aa89c0fd98f669ad2
Instruction ID: ef320f6c2c0090bc016ea171d1ca1d432092631375456562b6090f4c9c1a3186
Opcode Fuzzy Hash: a8ed301512776bf4a0d8207ff9e3129193e1e10340249e9aa89c0fd98f669ad2
Instruction Fuzzy Hash: E4419C34648708ABDB149A15E890B3BFBA6FB85714F14882CE6CA97251D339EC11DB62

Function 005F63B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1986d008ab5415d32a091c8dbf843953eb2c4bf38fe3e4ea1d93080bfb9ad269
Instruction ID: 9c99463f1c0d166d098c25e63ecbfe059553a8f265fb1e535ff142e3514bbb1c
Opcode Fuzzy Hash: 1986d008ab5415d32a091c8dbf843953eb2c4bf38fe3e4ea1d93080bfb9ad269
Instruction Fuzzy Hash: 5B31D574649306BADB24EB04CD85F3BBBA6FB80B11F64990CF382572D1D374AC119B52

Function 005C0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34428fbf5c6f9f8db8006099989c937d1c9a29c5edd76a37c6249504dfa86998
Instruction ID: 0d1c51f924c302a2a8b4ed62522465443dbc220b9a96d6c33afabb9cb47b1cf0
Opcode Fuzzy Hash: 34428fbf5c6f9f8db8006099989c937d1c9a29c5edd76a37c6249504dfa86998
Instruction Fuzzy Hash: C72114B490021A9FEB15CF94CC90FBEBBB2FB4A304F145808E911AB292C735A951CB64

Function 005F3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 005F32A6

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 41a8304dccbb590e71df03ce6e3648c22d43a2164fa34f2532363bce86869d7b
Instruction ID: 63998e55607c49b33b1904b751c8869adb891b75867a87974b0d748e88592ee9
Opcode Fuzzy Hash: 41a8304dccbb590e71df03ce6e3648c22d43a2164fa34f2532363bce86869d7b
Instruction Fuzzy Hash: A7016D3454D2509BD701EF18E885A2BBBE9FF4A701F05491CE6C58B361D339DD60CB92

Function 005F3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 005F3208

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f1b109297b26a561ba81680208c7c0fc90f15f7f4f474f02db0c7cd64da6f03c
Instruction ID: bde02ab62d41015e70e707f6917f5f9659852dc8b29ce574f49da67ebe85eefa
Opcode Fuzzy Hash: f1b109297b26a561ba81680208c7c0fc90f15f7f4f474f02db0c7cd64da6f03c
Instruction Fuzzy Hash: F9B012300800005FDB041B00EC0AF013511EB00605F801150B100040B1D1615864C555

Non-executed Functions

Function 005CDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

<=:;, xrefs: 005CE930
LKJI, xrefs: 005CE6E6
AR, xrefs: 005CDD10
:WUE, xrefs: 005CF6B7, 005CF6C6
<=2, xrefs: 005CEA01
@ONM, xrefs: 005CE6DB
`Y^_, xrefs: 005CE99E
T, xrefs: 005CF157
|, xrefs: 005CECB1
D, xrefs: 005CE846
mjkh, xrefs: 005CE7D8
xgfe, xrefs: 005CE71D
89&', xrefs: 005CE93B
lkji, xrefs: 005CE73E
tsrq, xrefs: 005CE6FC
dcba, xrefs: 005CE728
89>?, xrefs: 005CE9F6
tuJK, xrefs: 005CE967
DCBA, xrefs: 005CE887, 005CE896
()./, xrefs: 005CE9CA
%*+(, xrefs: 005CDE37, 005CDE46
WP, xrefs: 005CDCEF
QNOL, xrefs: 005CE775
`onm, xrefs: 005CE733

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 6602e2606cdcfc8572e6fc206f1a917827749c41eade90129c0de299218beb3a
Instruction ID: 1414a4abcb376973efaa78bd57a5d04fc342dcbeddc3f09a00525e6144b9cbf9
Opcode Fuzzy Hash: 6602e2606cdcfc8572e6fc206f1a917827749c41eade90129c0de299218beb3a
Instruction Fuzzy Hash: 5AF266B05093829FD770CF54C884BABBBE6BBD5304F144C2DE5C98B252DB75A984CB92

Function 005E23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

fedc, xrefs: 005E2782
|}&C, xrefs: 005E2F21
Cx, xrefs: 005E453D
mlc@, xrefs: 005E275C
{l`~, xrefs: 005E268C
aenQ, xrefs: 005E276A
:, xrefs: 005E32DD
`tii, xrefs: 005E2693
f@~!, xrefs: 005E25FF
3<, xrefs: 005E32D6
%*+(, xrefs: 005E40EF
ggxz, xrefs: 005E2685

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: 0d735b833d0c96b730cb9b60571966e327a27d6575352f8b8f1ab1d7da3f8798
Instruction ID: 52b143b85362717a399ce3de62d5848a464508d640c661f793167f207eb5004d
Opcode Fuzzy Hash: 0d735b833d0c96b730cb9b60571966e327a27d6575352f8b8f1ab1d7da3f8798
Instruction Fuzzy Hash: 9C33CC70504B818BD7298F3AC594763BFE1BF16304F58899DE4DA8BB82C735E906CB61

Function 005D9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

CG, xrefs: 005DAA32
WQ, xrefs: 005DA62B
sm, xrefs: 005DA830
JG, xrefs: 005DAA27
_Y, xrefs: 005DA641
WH, xrefs: 005DAA1C
?m,o, xrefs: 005DA13C
(a*c, xrefs: 005DA147
kW, xrefs: 005DA380
N[, xrefs: 005DA375
/), xrefs: 005DA66D
hi, xrefs: 005DAB9D
]{, xrefs: 005DA1E7, 005DA1F3
=], xrefs: 005DA36A
S], xrefs: 005DA636
Gt, xrefs: 005D9FF8
%e6g, xrefs: 005DA152

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: d92d1b4c7b98a0d12a594788f4d33c21f69ea0e61cb80532695d167de5d05c5c
Instruction ID: 95bdba1642adcce400b2365ef3b4fd1b8fa7af4812abbdcb2c2ef4d2139eb67b
Opcode Fuzzy Hash: d92d1b4c7b98a0d12a594788f4d33c21f69ea0e61cb80532695d167de5d05c5c
Instruction Fuzzy Hash: C752B6B404D3858AE270CF25D581B8EBAF1BB92740F609A1EE1ED9B255DB708045CF93

Function 005D9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

8;, xrefs: 005D9B13
O+f), xrefs: 005D9634, 005D963D
;IJK, xrefs: 005D983E
!E4G, xrefs: 005D9836
L3Y=, xrefs: 005D9B03
pq, xrefs: 005D99E0
T#a-, xrefs: 005D9AE3
G'M!, xrefs: 005D9ADB
?M0K, xrefs: 005D9968
z=Q?, xrefs: 005D9826
B?Q9, xrefs: 005D9B0B
B7U1, xrefs: 005D9AFB
G+X5, xrefs: 005D9AF3
,A&C, xrefs: 005D982E
X/R), xrefs: 005D9AEB
2A"_, xrefs: 005D9980

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 4f066be79d08a613f88e369130ba6908cccaf77a81a6b7a7ef3922f19a5ce534
Instruction ID: 17c6454e1a2679260ce3a1491381b5749518fbc6399df5912dc3ee92ef6e94f4
Opcode Fuzzy Hash: 4f066be79d08a613f88e369130ba6908cccaf77a81a6b7a7ef3922f19a5ce534
Instruction Fuzzy Hash: C9F12DB4408381ABE320DF19D881A2BBBE5FB86B48F144D1EF4D59B352D374D908DB96

Function 005DDD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON

Download Yara Rule

Strings

n\+H, xrefs: 005DDDC0
-M2O, xrefs: 005DE25A
r], xrefs: 005DE92E
<Y.[, xrefs: 005DE27D
{E, xrefs: 005DE323
hX]N, xrefs: 005DDDC7
], xrefs: 005DE403, 005DE664, 005DE7BD
)IgK, xrefs: 005DE261
upH}, xrefs: 005DDE8A, 005DE798, 005DDF4A
], xrefs: 005DE9C5
Y9N;, xrefs: 005DE245
,Q?S, xrefs: 005DE26F
%*+(, xrefs: 005DE143
=]+_, xrefs: 005DE276

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: ]$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$r]$upH}${E$]
API String ID: 0-4149432392
Opcode ID: fd57f10ad7d5b6689241fbdc28faeb1358e13f45068d93d1c46dc2adec8a682e
Instruction ID: cd5c6d9119ae4086eec49fdfac6d35254a3fc7b6f540d3386d1f20d904e5bf27
Opcode Fuzzy Hash: fd57f10ad7d5b6689241fbdc28faeb1358e13f45068d93d1c46dc2adec8a682e
Instruction Fuzzy Hash: 1C92D371E00605CFDB14CF68D8516AEBFB2FF8A310F29816AE456AB391D735AD41CB90

Function 005D098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

qrqp, xrefs: 005D1089
&> &, xrefs: 005D0F89
{, xrefs: 005D1502
gce/, xrefs: 005D1073
9.5^, xrefs: 005D0F9F
,#15, xrefs: 005D0F94
cah`, xrefs: 005D107E
%*+(, xrefs: 005D0A77, 005D0A86

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 4806744079a9e69c6d294d0f82ee4732ecbba6f3abbc9cba2924e9aacaf1b230
Instruction ID: 3980d9c7448d01e6624cb6fa8bf22745fc284c9a71ca1c5c17ab00ec97826107
Opcode Fuzzy Hash: 4806744079a9e69c6d294d0f82ee4732ecbba6f3abbc9cba2924e9aacaf1b230
Instruction Fuzzy Hash: 896279B56083818BD730CF18D895BABBBE1FF96314F04492EE49A8B791E3759940CB53

Function 005B1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 005B157D, 005B15EB
0123456789abcdefxp, xrefs: 005B1587, 005B15F8
-, xrefs: 005B21ED
gfff, xrefs: 005B2297
gfff, xrefs: 005B2226
@, xrefs: 005B2C40
gfff, xrefs: 005B22E1

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: f938ef464e0dab7851e38306c93b193e44c0fa773fc02a853d4ae93f2bec37bf
Instruction ID: f80cf01ceb4a31131d5651ee4e29727975ca789fc0d39aa383265c95d1de5caf
Opcode Fuzzy Hash: f938ef464e0dab7851e38306c93b193e44c0fa773fc02a853d4ae93f2bec37bf
Instruction Fuzzy Hash: 60D2F2316087418FD718CE29C4943AABFE2BFD9314F188A2DE499DB391D734E945CB92

Function 0077205A Relevance: 8.0, Strings: 5, Instructions: 1712COMMON

Download Yara Rule

Strings

/D3k, xrefs: 00772346
l>[^, xrefs: 0077307F
xL;], xrefs: 00772EA7
M{, xrefs: 0077289B
rj_d, xrefs: 00772339

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: /D3k$M{$l>[^$rj_d$xL;]
API String ID: 0-3549623124
Opcode ID: f4a6238facaadac7f482a4e54ddffa5f607831cbfe2f80f3da21b6de6923fb49
Instruction ID: e0607347b1250895d86fa14bd980655185b62bd207ddc0fa03c2c0098a49f539
Opcode Fuzzy Hash: f4a6238facaadac7f482a4e54ddffa5f607831cbfe2f80f3da21b6de6923fb49
Instruction Fuzzy Hash: 51B24AF360C6049FE304AE29DC8567AF7E9EFD4320F1A853DE6C5C7744EA3598018696

Function 00773B9F Relevance: 7.9, Strings: 5, Instructions: 1653COMMON

Download Yara Rule

Strings

3>go, xrefs: 00773F1F
K4O, xrefs: 0077432C
kQ{~, xrefs: 00773BF0
{d>2, xrefs: 0077468A
{d>2, xrefs: 0077471E

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: 3>go$K4O$kQ{~${d>2${d>2
API String ID: 0-2791817107
Opcode ID: 335bace2de0bf958c0b5f88102be9b3f87f19e3f94c0abcd3a70a90417e4a58a
Instruction ID: e60607203baa2970eb3c06b8caa474faaa2df8773004718c896ad799a660d0ea
Opcode Fuzzy Hash: 335bace2de0bf958c0b5f88102be9b3f87f19e3f94c0abcd3a70a90417e4a58a
Instruction Fuzzy Hash: 73B2F7F3A0C2109FE704AE2DEC8567AB7E9EF94320F16493DEAC5C7344EA3558058697

Function 005B12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

0, xrefs: 005B243E
0, xrefs: 005B1DC1
0, xrefs: 005B1E88
@, xrefs: 005B3531
i, xrefs: 005B28EA

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 834e638f5eb22011e63b582d0f601c4f1d9981dd65ddb0c574e618bfb8111b8c
Instruction ID: 6ae8a880b1b89b3b53bccd8f74e3ff21819ab132c240556082784723b08f332f
Opcode Fuzzy Hash: 834e638f5eb22011e63b582d0f601c4f1d9981dd65ddb0c574e618bfb8111b8c
Instruction Fuzzy Hash: 9E62CE7160C7818BD319CE28C4947AABFE1BFD5304F188E2DE8D987291D774E949CB92

Function 005B164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 005B164F
+, xrefs: 005B1573
0123456789abcdefxp, xrefs: 005B1659
gfff, xrefs: 005B1F57
gfff, xrefs: 005B1F3C

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: bb523cee8783d9aeca3393df40dfab1cad91a3835a1197d7dc5c11ccd11d3d02
Instruction ID: 4a3285fcd9eb4a572af3049eb2923fbfbaec108346fc81e307c71082eabbabd8
Opcode Fuzzy Hash: bb523cee8783d9aeca3393df40dfab1cad91a3835a1197d7dc5c11ccd11d3d02
Instruction Fuzzy Hash: 7DF1A03160C7818FC719CE29C4942AAFFE2BBD9304F188A6DE4D987356D734E945CB92

Function 007705FB Relevance: 6.6, Strings: 4, Instructions: 1642COMMON

Download Yara Rule

Strings

uw{O, xrefs: 0077080E
vt', xrefs: 00770A70
r6m, xrefs: 00771150
BNk/, xrefs: 0077108A

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: BNk/$r6m$uw{O$vt'
API String ID: 0-2651949752
Opcode ID: e82c8e89fb1ad2a7eff126581a0d80cc797f281d7157fbc89bb76084bbbf548c
Instruction ID: 08b897e1c53a1d4ec3ab1a83cc047e9614e750067d100f49a5e2bdece1d31258
Opcode Fuzzy Hash: e82c8e89fb1ad2a7eff126581a0d80cc797f281d7157fbc89bb76084bbbf548c
Instruction Fuzzy Hash: 72B217F360C604AFD3046E2DDC8567AFBE9EF94320F1A493DEAC4C3744E97598058696

Function 005B13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

0123456789ABCDEFXP, xrefs: 005B13A3
0123456789abcdefxp, xrefs: 005B13AD
gfff, xrefs: 005B1F57
-, xrefs: 005B1F23
gfff, xrefs: 005B1F3C

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 3a0b3e3a2e977f933e5a64db157874862bd94f2c1ec936f060e837480265077b
Instruction ID: f42c03891def7fa368dd52e95a35a752c8d944a6de3de73643d72fc8f95dd978
Opcode Fuzzy Hash: 3a0b3e3a2e977f933e5a64db157874862bd94f2c1ec936f060e837480265077b
Instruction Fuzzy Hash: 16D17E3160C7818FC719CE29C4942AAFFE2BBD9304F188A6DE4D987356D634E949CB52

Function 0076D024 Relevance: 6.6, Strings: 4, Instructions: 1628COMMON

Download Yara Rule

Strings

[d?, xrefs: 0076DAAD
8]I, xrefs: 0076DF5A
9_VV, xrefs: 0076D92A
CJv?, xrefs: 0076D9D5

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: 8]I$9_VV$CJv?$[d?
API String ID: 0-2204125848
Opcode ID: f6802412f4630c7bb5e86f792e0109f4f61afba8225d4bbc47d621d55f0c69b4
Instruction ID: bc10641a14033edd7605fc23c52265856730099b2557434539b8e17ab7a965fc
Opcode Fuzzy Hash: f6802412f4630c7bb5e86f792e0109f4f61afba8225d4bbc47d621d55f0c69b4
Instruction Fuzzy Hash: B9B218F3A0C2109FE3046E2DEC4567ABBE5EF94720F1A493DEAC4C3744EA3598058697

Function 0076EFC8 Relevance: 6.2, Strings: 4, Instructions: 1198COMMON

Download Yara Rule

Strings

/M}, xrefs: 0076F72C
s[uW, xrefs: 0076F79D
}n, xrefs: 0076F871
m6U?, xrefs: 0076F2D2

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: /M}$m6U?$s[uW$}n
API String ID: 0-2465892401
Opcode ID: caef2ddf2d774f7fc3e5c6813f3da0cc41ea2b53bf149ffba8944ecfb2caaf89
Instruction ID: 68abeaac96d9a584c95c89bd5fd21dc49dc86ec1a50c5cc232dfc069a9f43df6
Opcode Fuzzy Hash: caef2ddf2d774f7fc3e5c6813f3da0cc41ea2b53bf149ffba8944ecfb2caaf89
Instruction Fuzzy Hash: 578216F3A0C6049FE704AE2DEC8577ABBE5EF94220F1A453DEAC4C7344E63598058697

Function 005DFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

m1s3, xrefs: 005DFEC3, 005DFECB
uvw, xrefs: 005DFE95
:, xrefs: 005E0087
NA_I, xrefs: 005E036D

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: bc362d27bf2d9bc2e6c35e82250ac5b4ab2d23c1ee9620fa21ecd71d482ce814
Instruction ID: 46e8540cdf2c74d279fdef786ff28500e75851843424bae2d8d1046cb8fa0b8b
Opcode Fuzzy Hash: bc362d27bf2d9bc2e6c35e82250ac5b4ab2d23c1ee9620fa21ecd71d482ce814
Instruction Fuzzy Hash: 1232A7B0508381DFD314DF2AD884A2BBBE6BB8A300F145A2CF5D58B2A2D375D945CF52

Function 005C3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

p, xrefs: 005C3C80
%*+(, xrefs: 005C3EC4
;z, xrefs: 005C3C87
ss, xrefs: 005C3C79

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 819089db34a02a394fb2a6d11d1b474c3487f04c8848f19458d3b3c33aeb5265
Instruction ID: f7975dda4a990570818a4fb445dbd29d9f5a874e3f314bedd5ba8c865f9cd836
Opcode Fuzzy Hash: 819089db34a02a394fb2a6d11d1b474c3487f04c8848f19458d3b3c33aeb5265
Instruction Fuzzy Hash: 0D025DB4810B009FD760DF24D986B57BFF5FB01300F50895DE89A9B696E334A819CFA2

Function 005D2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

a|, xrefs: 005D2317
lc, xrefs: 005D2507
sj, xrefs: 005D2327
hu, xrefs: 005D232F

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: b61c40f772f415fbfd7c7801ca1c9f96f3f8c354294090118f783d59671cf7e1
Instruction ID: 5942d51cde1c9c3d898356e9545e8aada1a44637f3f6ef9bd8f7130a25b4c686
Opcode Fuzzy Hash: b61c40f772f415fbfd7c7801ca1c9f96f3f8c354294090118f783d59671cf7e1
Instruction Fuzzy Hash: 82A17C744083418BC720DF18C891A2BBBF0FFA5754F549A0EE8D99B391E335D945CB96

Function 005DD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

KV, xrefs: 005DD97D
#', xrefs: 005DD9EA
T>, xrefs: 005DD984
CV, xrefs: 005DD98B

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: ebcd2ba0c4b3ba8639b3d697ef374ce24a4efe3d57317343a24c060a24dbea1d
Instruction ID: f50cb2d7d854ebc3693fcb6e262799dbd68de8d37c72cc69681a1265abddb977
Opcode Fuzzy Hash: ebcd2ba0c4b3ba8639b3d697ef374ce24a4efe3d57317343a24c060a24dbea1d
Instruction Fuzzy Hash: 6A8157B48017459BDB20DFA5D28516EBFB1FF12300F605A0DE4866BB55C331AA55CFE2

Function 005DAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

lk, xrefs: 005DACBC
,{*y, xrefs: 005DAD07, 005DAD13
4c2a, xrefs: 005DACA9
(g6e, xrefs: 005DACA1

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: 9f023cf24f959103322e1f35dedf1e5bff12eb00320967db1ad6748f5e8aea81
Instruction ID: 667f7306c118b5678956b46402ba1d89e8e5abc9ef3ff9348c9875c07ffa6971
Opcode Fuzzy Hash: 9f023cf24f959103322e1f35dedf1e5bff12eb00320967db1ad6748f5e8aea81
Instruction Fuzzy Hash: 3C4195B4408382CBD7209F24D800BABBBF1FF86305F54995EE5C99B260DB35D944CB96

Function 0076BB91 Relevance: 4.9, Strings: 3, Instructions: 1103COMMON

Download Yara Rule

Strings

rfw/, xrefs: 0076C396
GQ_, xrefs: 0076C2A8
cO, xrefs: 0076C8D9

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: GQ_$cO$rfw/
API String ID: 0-911597407
Opcode ID: d8d3bd06279c5817cbefc8394d2fdbcc57be7772d360cc181fc72f53306df156
Instruction ID: 47090e14c42fb61a401e158342177b7d282baf43ea01a9aa66f54bfa65a0a5bf
Opcode Fuzzy Hash: d8d3bd06279c5817cbefc8394d2fdbcc57be7772d360cc181fc72f53306df156
Instruction Fuzzy Hash: 8D72D2F260C200AFE704AE29DC8567AFBE5EF94720F16892DE6C5C3744E63598418B97

Function 00778AE3 Relevance: 4.2, Strings: 2, Instructions: 1682COMMON

Download Yara Rule

Strings

j_, xrefs: 00778BEC
P-9, xrefs: 0077964C

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: P-9$ j_
API String ID: 0-2673639158
Opcode ID: 369c87d2961e7144c0e2f40da423c5383fff49a0b26392d674da53d8a6c4d810
Instruction ID: 9632287ef2750ab241f39bc772b2716d5d4f5523c0f47b7d3cf4f2aa4eedeab2
Opcode Fuzzy Hash: 369c87d2961e7144c0e2f40da423c5383fff49a0b26392d674da53d8a6c4d810
Instruction Fuzzy Hash: 37B245F3A0C3149FE3046E2DEC8567ABBE9EF94320F16463DEAC4D7744EA3558018696

Function 005DC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 005DC537
%*+(, xrefs: 005DC9E4, 005DC9ED
%*+(, xrefs: 005DC8C3, 005DC8CB

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: d74f53b4b037f8e12f04156ed2252cb6bc745ac63cf23117272991b2c2486b13
Instruction ID: 68175b8f9e45ac3f2a849a4efeb3d23661f30a509fc9f7bcdb1303690b905c25
Opcode Fuzzy Hash: d74f53b4b037f8e12f04156ed2252cb6bc745ac63cf23117272991b2c2486b13
Instruction Fuzzy Hash: 55E198B5518345DFE3209F28D885B2BBBE6FB86340F44882EF6898B251D735D814CF92

Function 005B8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 005B8616
), xrefs: 005B860C
IEND, xrefs: 005B89F0

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 6934823b74c30212245f224eb80774dab838675008d114ffd766a87f0e7fa08e
Instruction ID: 07f15db24da41770e1ef524d635397808d0725e11cf6a03804b6566f3219e522
Opcode Fuzzy Hash: 6934823b74c30212245f224eb80774dab838675008d114ffd766a87f0e7fa08e
Instruction Fuzzy Hash: 02E1AEB1A087069FE310CF28C8857AABFE4BB94314F14492DE99597391DB75F914CBC2

Function 005F4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005F40A4, 005F40AD
f, xrefs: 005F420C

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 3408fd60c715a7ed5a4a36a638f4dda89ed6e843b4b2742d6f7afbfbfb6eb8b1
Instruction ID: 83e31f19f110d2a0fb33f3926c67f84548a3e4f44be602c57de4f0573b28f9b4
Opcode Fuzzy Hash: 3408fd60c715a7ed5a4a36a638f4dda89ed6e843b4b2742d6f7afbfbfb6eb8b1
Instruction Fuzzy Hash: 2C1288716083459FC714DF18C880A2FBBE6FBC9314F188A2CE6959B291D739E945CF92

Function 005EF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 005EF6E6
dg, xrefs: 005EF7F5

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 3f74eee6ecc84147de447d350c7568d38082f0366085181c412eabba178bffe2
Instruction ID: f01c1cfc7f410008701d6213fc46c85d8cbe28f60f0ac2efd7d63234d8f0f212
Opcode Fuzzy Hash: 3f74eee6ecc84147de447d350c7568d38082f0366085181c412eabba178bffe2
Instruction Fuzzy Hash: 89F17571658342EFE7088F25D895B2BBBE6FF85384F14992CF1858B2A1CB34D944CB12

Function 005B35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

Inf, xrefs: 005B3607
NaN, xrefs: 005B360E

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: fbae34bff39c387a1b7949640e716d61fe53d7b502688674b8f25678b721f5f1
Instruction ID: c5ce9d6d842dbbd0845c069c7b9fb1a9cc77c20d7c197404b69429aa5c34d142
Opcode Fuzzy Hash: fbae34bff39c387a1b7949640e716d61fe53d7b502688674b8f25678b721f5f1
Instruction Fuzzy Hash: EED1D771A083119BC714CF29C88065EBBE5FBC8750F258D2DF999A7390E775ED058B82

Function 005CFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 005D0197
Ye[g, xrefs: 005D00F6

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: f1af03d2847b2a22ee18c1119d82a9ea41c09537488759b1f72bebb7c54cb05a
Instruction ID: a8ade53568aa0326f7f97d296497ef13389e74783eed41a92a2e2fb6670dc3e9
Opcode Fuzzy Hash: f1af03d2847b2a22ee18c1119d82a9ea41c09537488759b1f72bebb7c54cb05a
Instruction Fuzzy Hash: 1751BDB16093819BD731CF18C885BABBBE0FF96310F08991EE4999B791E3749940CB57

Function 005B5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 005B54C8

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: d5ed1f8c6269ed707a8760288bdfdf6a58de296dc4e38e04077fd566cd0b334b
Instruction ID: 5fc2e9ecfda7f08a6f7021122337046aa0b8e1b2c465d039a70aa16c80f23b5a
Opcode Fuzzy Hash: d5ed1f8c6269ed707a8760288bdfdf6a58de296dc4e38e04077fd566cd0b334b
Instruction Fuzzy Hash: 7422B5B6608B428BE7298E18D5403A6BFE2FFE0344F29856DE8594B381FB71EC45C741

Function 005E12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 005E15D1

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 24eb0509a910df299a4afeaa58331d28d68a465cb90b2c4727111cc22850341f
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 7FF13671A087814BC728CE26C49466BBFE6BFC5350F18896DE8DA8B382D634DD05C796

Function 005DAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005DB2D3, 005DB2DB

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: f9ed81aab060c6949eebcbef40fb84b5f3d8b2af6aaf41fc3bb71bbf7999c136
Instruction ID: 689cfa1162751f51b695211d5e5ad16358177f5628d5d2fd5abd8bbe1f0b2867
Opcode Fuzzy Hash: f9ed81aab060c6949eebcbef40fb84b5f3d8b2af6aaf41fc3bb71bbf7999c136
Instruction Fuzzy Hash: 10E1A675508306CBD724DF28C89056FBBE2FF99781F55891EE4C687320E730AA59DB82

Function 005C6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005C6EF3

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 6dd38f58c8819133d46e7fd8cf84364b18b30ff4ff6181e0796da7a2f8f892cb
Instruction ID: 4eef0a96d44150640b996601eb6d40b2efe1a0db7370f511861e6462598db102
Opcode Fuzzy Hash: 6dd38f58c8819133d46e7fd8cf84364b18b30ff4ff6181e0796da7a2f8f892cb
Instruction Fuzzy Hash: 4DF1B0B5600B02CFD724DF64D881A26BBF6FF98314B14892DE49787A92EB34F915CB41

Function 005D7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005D8263, 005D826B

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ac47f62e083faffd6f2b77e3a21580c7a64836ddcf5ebc0be219561d3e96fd83
Instruction ID: 33aed0f5b9ccdc38124dadf61431a657a1c04bb1baf0bbc0cdd85132fa71ae8e
Opcode Fuzzy Hash: ac47f62e083faffd6f2b77e3a21580c7a64836ddcf5ebc0be219561d3e96fd83
Instruction Fuzzy Hash: 03C1CE71508201ABD720AB18C886A3BBBF5FF95754F48881AF8C59B351E734ED05CBA3

Function 005D8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005D9233, 005D923B

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 9dfe69a167fb39194e797a1dca965c1c1b0d43ffa27458a5786baa34c29ea586
Instruction ID: 62d5e88934188539294a9ba2eaeec17ac9d7578f909b8529b83f6dbaf389ec86
Opcode Fuzzy Hash: 9dfe69a167fb39194e797a1dca965c1c1b0d43ffa27458a5786baa34c29ea586
Instruction Fuzzy Hash: 1DD1AC74618302DFE714DF68D890A2BBBE6FF89304F49486EE48687391DB34E950CB61

Function 005C4487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON

Download Yara Rule

Strings

BI\, xrefs: 005C485E

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: BI\
API String ID: 0-3476646191
Opcode ID: bdf442079155294c9c7435edcebb78489e0fa3650b5054dd1c055aa412644a74
Instruction ID: a1835d539cb3ad4d5ad96dbfa00a6817c400e0b1a6595dffb740e8e82718fa32
Opcode Fuzzy Hash: bdf442079155294c9c7435edcebb78489e0fa3650b5054dd1c055aa412644a74
Instruction Fuzzy Hash: 48E1EFB5501B008FD325CF28D9A6BA7BBE1FF46704F04886DE4AAC7A52E735B814CB54

Function 005F7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 005F8167

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: dcce4a2241b78bad5074eea218bf0b83ffd127f4800ea6626c5e1abdb5c61ecb
Instruction ID: 1084a59b2d916b232c2d609ee30110415bce291cbc755b61f11ebc8e999fc951
Opcode Fuzzy Hash: dcce4a2241b78bad5074eea218bf0b83ffd127f4800ea6626c5e1abdb5c61ecb
Instruction Fuzzy Hash: 98D1D7729082694FC715CE18989073FBAE2FB85718F158A2CEAB5AB390CB75DC05C7D1

Function 005F6CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

"p_, xrefs: 005F7015

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: "p_
API String ID: 0-274955791
Opcode ID: 4ffcc320f738cced29c588f71255a083417661729c2bb6bce8e0241a83696f56
Instruction ID: 1ac10aaa8ffa3129f5ee9cbe7702c8758b78b2166fee35e31bbed4f7403a8dbf
Opcode Fuzzy Hash: 4ffcc320f738cced29c588f71255a083417661729c2bb6bce8e0241a83696f56
Instruction Fuzzy Hash: 7AD1FF36618355CFC714CF38D88052BBBE6BB8A315F098A6DE995C73A1D334EA44CB91

Function 005DCCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005DCDC3, 005DCDCB

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: a99ca663a19a339bf8a5833fc64eb4bd632eb016216da640127b23f4c7d9c2b9
Instruction ID: 343b50fdf26871c1c18f837567b409298e15eb42ccba0a89aad2000850d053db
Opcode Fuzzy Hash: a99ca663a19a339bf8a5833fc64eb4bd632eb016216da640127b23f4c7d9c2b9
Instruction Fuzzy Hash: 97B1DDB05093429BD724EF18D884A2BBFE6FF85340F14492EE5858B352E335E855CBA2

Function 005BA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 005BA9C3

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: c5d176a0c4556463867d65213ad73241efd822fd198ea8f20f5494bf266faf18
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: BCB126702083819FC321CF28C88065BBFE1AFA9704F548A2DF5D997342D631EA08CB67

Function 005EFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005EFCA4, 005EFCAD

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 1c0a29842bf957224307d5302992ca8335908b0215badd26f1a37858201bb91f
Instruction ID: 783d576a0295dc0576a200162959b7c96a4a46b8de884836c57d7479b8f42f8e
Opcode Fuzzy Hash: 1c0a29842bf957224307d5302992ca8335908b0215badd26f1a37858201bb91f
Instruction Fuzzy Hash: 8981DE70548346EBE714DF59DD88A2BBBE6FB89741F14882CF2C587291EB34D814CB62

Function 005CD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005CD663, 005CD66B

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: eec26c4959c05e765407951404e3cf7789b2b0501218912b09f83eff9d7beb27
Instruction ID: f4dc9861319844fff627f3f082a538ae1e51c7fb415a019e89022f1c96a4c4e6
Opcode Fuzzy Hash: eec26c4959c05e765407951404e3cf7789b2b0501218912b09f83eff9d7beb27
Instruction Fuzzy Hash: 7361CF72908205DFD710AF98D842B3BBBB1FF95354F08086DF9869B251E775E910CBA2

Function 005F4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005F4C33, 005F4C3B

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 1318c1225b3cccd8a64071f03e1db381600694ac4500f9e0ce6100a50a4c6cf4
Instruction ID: a59a19816de236cf2f07b2152f55322ca893a06f20d44768d822a614dd502e3c
Opcode Fuzzy Hash: 1318c1225b3cccd8a64071f03e1db381600694ac4500f9e0ce6100a50a4c6cf4
Instruction Fuzzy Hash: 8E61AB716093499BDB119F29C880B3BBBE6FB84314F18891CEAC587292D739EC51DF52

Function 0077667C Relevance: 1.4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

<Y[?, xrefs: 00776811

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: <Y[?
API String ID: 0-402465944
Opcode ID: 23f2c315bb9c735424569cdfe07055189c70386372ff9ea63925fd2b57e70c30
Instruction ID: 5f5e25b8959a87434d816c7709ff1f9ce1acdc950bd975add7bc1ea56acda410
Opcode Fuzzy Hash: 23f2c315bb9c735424569cdfe07055189c70386372ff9ea63925fd2b57e70c30
Instruction Fuzzy Hash: B951F7B3608100AFEB046A2DDC5172ABBE6EFD4324F1A493DEAD5C3350E6359815C647

Function 005BE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 005BE333

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: be23d41b33a745e51565c2d57799d90791cd1892d7f6ec1aa63c9719603280a8
Instruction ID: 1d0df4c3016e8cd0802f155a0130d996c41eb60b97a2f86afca6df9ec807682b
Opcode Fuzzy Hash: be23d41b33a745e51565c2d57799d90791cd1892d7f6ec1aa63c9719603280a8
Instruction Fuzzy Hash: B9512537A196904BD328993C4C572F9AEC72FA2334B3DCB69E9F1CB3E1D51998049390

Function 005F3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005F39E3, 005F39EB

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 84c17ef6d32535a49da120bd1d6001705ab491c8830901f9e6b3c60100d45b49
Instruction ID: 6b747e90e8bde7ff34b6fdb7ceabbb2b3007c145f53cfb284f13105a79ada026
Opcode Fuzzy Hash: 84c17ef6d32535a49da120bd1d6001705ab491c8830901f9e6b3c60100d45b49
Instruction Fuzzy Hash: CD519E306092049BEB24DF1AD984A3BBFE6FB85744F18881CE6C687251D379DD10DB62

Function 005C1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 005C1C3E

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: fb9e3ab1df6b6ff6f90ca19b75d980f906848218ef2e86301190817224ef0442
Instruction ID: cc24750e9908aa244237e4ea9efe1573327fec03eec5902c15e31062f921107b
Opcode Fuzzy Hash: fb9e3ab1df6b6ff6f90ca19b75d980f906848218ef2e86301190817224ef0442
Instruction Fuzzy Hash: 344152B40083809BC7149F65C894A2FBBF0FF96314F04991CF5C69B292D736C905CB5A

Function 005EFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005F0033, 005F003B

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 530ba19e3ec4cab3397dd200ea4a180fb4b70e2fdf45530a5e5fab87d44e8b3d
Instruction ID: b8a3c7d4ff2e2d3628af602348642fb603b93bba73baa360b274a4aa718c80f1
Opcode Fuzzy Hash: 530ba19e3ec4cab3397dd200ea4a180fb4b70e2fdf45530a5e5fab87d44e8b3d
Instruction Fuzzy Hash: E131F5B1504309ABD710EA14DC49B3BBBEDFB81744F985828FA85D7293EA25DC10C763

Function 005DE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 005DE6A2

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 007f561a3d1c7b64134b8f5608ad883b3350022396b9647aca5ea6a1b5513fab
Instruction ID: 5af0573a0528a4d49824a6188d8771b2504b90c8b36047b440f7d3ce5d2fb83e
Opcode Fuzzy Hash: 007f561a3d1c7b64134b8f5608ad883b3350022396b9647aca5ea6a1b5513fab
Instruction Fuzzy Hash: 3631A2B5900245CFDB20DF99E8815AFBFB5FB5A745F14086EE446AB301D331AD04CBA2

Function 005C6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 005C703B

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a205bac919fc5f1da2fe68f976ecdef05bdf7d223f2f2327bb41cf224f2c5409
Instruction ID: dbc8b5eb67163a34fa81fe798698e4c098f0db0547c3b276ab9f8ff540cc0bd3
Opcode Fuzzy Hash: a205bac919fc5f1da2fe68f976ecdef05bdf7d223f2f2327bb41cf224f2c5409
Instruction Fuzzy Hash: BB411275205B099FD7248BA5C999F27BBF2FB49701F14881CE586ABAA1E331E8008F10

Function 005DE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 005DE6A2

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 2359cd83d409868b2feee4673dd45bd10df334010779fe53c961c13e9f8e8c2d
Instruction ID: 96fb63c83bb66c12b0a431d44dc7c41582f29bc869af44e1f83fdd43a562e804
Opcode Fuzzy Hash: 2359cd83d409868b2feee4673dd45bd10df334010779fe53c961c13e9f8e8c2d
Instruction Fuzzy Hash: D0218BB1900245CFC720AF99D9819AFBBB5FB5A745F14081EE446AB341C335AD00CBA2

Function 005F9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 005F9D30

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 46b29ccca618642d7036b5a559dc85f6171c60d017ac06510f6425137fd76e8c
Instruction ID: 179a164f848c6f952feda6c468c8d1b4fbbb1c5cefdfb56448ea8653606f3930
Opcode Fuzzy Hash: 46b29ccca618642d7036b5a559dc85f6171c60d017ac06510f6425137fd76e8c
Instruction Fuzzy Hash: 223189709083049BD310EF14D880A2BFBFAFF9A314F24992CE6C997251D339D904CBA6

Function 005C4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736dfcf9e75b1e4657fee3c9d4e348cdf08340df6021f460cec5c495c9dd8d31
Instruction ID: b2a3ee24918aac1660ebb65e129a3b0f597679f6a3f9661803ed6797aa28128f
Opcode Fuzzy Hash: 736dfcf9e75b1e4657fee3c9d4e348cdf08340df6021f460cec5c495c9dd8d31
Instruction Fuzzy Hash: 9F6267B4500B018FD725CFA4C994B27BBF6BF59700F58892CD49A8BA52E774F848CB91

Function 005BBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 058d130f81dfe78eb11bf9f707ff520302394308641760733d33fd0fb9fd6fc2
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 6152F731A087118BC7259F18D4442FABBE1FFD5319F294A2DD9C697281E734B851CB8A

Function 005F8652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae766ca1d5a9d9b54f974b14fd389873225232f18cb6b3e22425e1068cd4ec51
Instruction ID: 0bb4d6a7aa7de208ced282d14447ae25c7170ac7fe9a47a40e3e6f29a113049e
Opcode Fuzzy Hash: ae766ca1d5a9d9b54f974b14fd389873225232f18cb6b3e22425e1068cd4ec51
Instruction Fuzzy Hash: BA22DC75648345CFC714EF68E89062BBBE2FF8A315F09886DE68987361CB35D950CB42

Function 005F86F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6adfe7d266dd3afb2ae00e9904cf1a8643666a7da65a683f82858a5e5a50c402
Instruction ID: 138d7afbafcd33efdd40a5a06f15a0ff72acb0f28cbb15b8a20b9158b2a10aa9
Opcode Fuzzy Hash: 6adfe7d266dd3afb2ae00e9904cf1a8643666a7da65a683f82858a5e5a50c402
Instruction Fuzzy Hash: 7522CD75648344DFC714EF68E89062ABBF2FF8A305F09896DE68987351CB35D950CB42

Function 005BB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a7cb46b9311f24cf0ef1903636219e61cbeaa8a376286ad7b56db69e4282c9d
Instruction ID: 2ddeda94fa5c288c309e5799951843ec3077149a22486e1674bd3d2054f7928f
Opcode Fuzzy Hash: 0a7cb46b9311f24cf0ef1903636219e61cbeaa8a376286ad7b56db69e4282c9d
Instruction Fuzzy Hash: 82527D70908B888EF735CA24C4947E7BFE2BB91314F144D2DD5E606A82D7F9B8858752

Function 005B71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8adcceb46fc9101d0bbd1ab130525a29a4b38a4a04fd3d692eb537df0d41fc2b
Instruction ID: 875072ece47702bcb215a24d9e66cd98c6432e9b288d83750583acce77f3d3ea
Opcode Fuzzy Hash: 8adcceb46fc9101d0bbd1ab130525a29a4b38a4a04fd3d692eb537df0d41fc2b
Instruction Fuzzy Hash: 87528E7150C3498BCB15CF29C0906EABFE1BFC8314F198A6DE89A5B352D774E949CB81

Function 005B8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1df257857f97f7dcb4d8721d5f015f09469e5d352f2209e1366f22c6b12f841
Instruction ID: a3c106849d56bee626ab865c1332a6a4f8a3afdc062f54b5b16ee70c48706f65
Opcode Fuzzy Hash: e1df257857f97f7dcb4d8721d5f015f09469e5d352f2209e1366f22c6b12f841
Instruction Fuzzy Hash: 30427775608301DFDB04CF28D8557AABBE1BF88315F09886CE5858B3A1D739E989DF42

Function 005B7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23170f065ad620109a296916c1f9d5362783e96c6ad5ca3f0975168e00e34e13
Instruction ID: 2b0295b061677931d3457016e85f9f1ae95c170d87a01865ad26b71c43356c55
Opcode Fuzzy Hash: 23170f065ad620109a296916c1f9d5362783e96c6ad5ca3f0975168e00e34e13
Instruction Fuzzy Hash: 5C323370519B158FC328CF29C5905AABBF1BF89700B605A2ED6A787F90D736F845CB14

Function 005F89A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d5b0461c66ec803b6b28bfee92cb937a7b9cfbe761086cdb40b44b72903fa0
Instruction ID: 044588ab085235874dd2ebb81b5fd3fe7946627028fc28d71bb8e47deeee843d
Opcode Fuzzy Hash: a5d5b0461c66ec803b6b28bfee92cb937a7b9cfbe761086cdb40b44b72903fa0
Instruction Fuzzy Hash: D902BD74608345DFC714EF68E88062ABBE6FF8A305F09896DE6C587361CB35D914CB92

Function 005F8A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54dc41d61fe64dbb3e5db7030a852a1e3d0b84a567405fa7b128f39d5fa34d80
Instruction ID: f1d9f20757ae368b65949a5d464208af1fa00fd5d840f9842b1e21e2282e1184
Opcode Fuzzy Hash: 54dc41d61fe64dbb3e5db7030a852a1e3d0b84a567405fa7b128f39d5fa34d80
Instruction Fuzzy Hash: 44F18A75608345DFC714EF28D88062ABBE6FF8A305F09896DE6C987251DB36D910CB92

Function 005F8C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66bfcb8fa87daeb84581d13e7c5e1b076bb75c9554fd4d08b30cfbfd37622d70
Instruction ID: 528157343fd638c96979e5a64d345dcce0b46f561253ca1ffe0d1e2d560abd62
Opcode Fuzzy Hash: 66bfcb8fa87daeb84581d13e7c5e1b076bb75c9554fd4d08b30cfbfd37622d70
Instruction Fuzzy Hash: 36E1CE75648341CFC714DF28D88062AFBE6FB8A315F09996CE6C987361DB36D910CB92

Function 005BA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: be766f4010fff8dee9fddcf887f9d134bd080865cccf7c4996897a475648dcf3
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: BFF1AC756087418FD724CF29C8816ABBFE2BFD8300F08882DE4D987752E639E945CB56

Function 005F8E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b9fb570fa2723ef5ca71b84bc8370abf3cb6e3fed55f2d8f27a991165e31a3d
Instruction ID: f1d019c0de4784f1a2cf218b7a0ed89f50480e6ccc599b07e005a276137dfda2
Opcode Fuzzy Hash: 8b9fb570fa2723ef5ca71b84bc8370abf3cb6e3fed55f2d8f27a991165e31a3d
Instruction Fuzzy Hash: 1DD1AE7460C345DFD704EF28D88062AFBE6FB8A305F09896DE6C587251D73AD910CB92

Function 005F7AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eea4d23b3cdfcacf736da38f64b600da1c88de8b85c725de75384072fc45f111
Instruction ID: 3dd0667af645b56c19e6db460ca1ad962102dd7329d4e2e90c67c05787aa7f7f
Opcode Fuzzy Hash: eea4d23b3cdfcacf736da38f64b600da1c88de8b85c725de75384072fc45f111
Instruction Fuzzy Hash: 46B10772A083584BE714DA28CC4577BBFE9BBC9314F04496DEA99D7381E739DC048792

Function 005BAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: d3611525b61943f837714ef174ea3c953ec887823eaad2de854fde2d9c0dafdf
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: ADC16E72A087418FD370CF68DC967ABBBE1BF85318F08492DD1D9C6242E7B8A155CB46

Function 005C6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edd1490f62a947b00364d2c8b7c70a1df0c8c320cc7b2711741e79706cf41195
Instruction ID: 45beb724f321264d78c0f3194bf313ba7f3a9d7448239598f3fc37d7c5aff87a
Opcode Fuzzy Hash: edd1490f62a947b00364d2c8b7c70a1df0c8c320cc7b2711741e79706cf41195
Instruction Fuzzy Hash: 63B11EB4600B008FC3218F64C985B67BBF2FF46704F54885CE8AA8BA52E735F905CB55

Function 005F7710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: aa198a3bd6fefaf49900f2202ba9f1e5f6ec75c48a145ea05b27e7261acd2c57
Instruction ID: 5c908bbba4b2fefd72c6400db97658a5d1f3988a0b7c38e246f367d74bf46d53
Opcode Fuzzy Hash: aa198a3bd6fefaf49900f2202ba9f1e5f6ec75c48a145ea05b27e7261acd2c57
Instruction Fuzzy Hash: C2919C71608309ABEB20DB14C844B7FBBE6FB89354F54881CFA8597352E734E940CB92

Function 005FA0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0442bdd6731bc263d606ab67e57a03a538087048b323b6b32767bdf6390e2218
Instruction ID: 218c7536f6ef3960646c5d6014540e3bff6e7b8b1b6a0b994fa6fb49ba87b319
Opcode Fuzzy Hash: 0442bdd6731bc263d606ab67e57a03a538087048b323b6b32767bdf6390e2218
Instruction Fuzzy Hash: D4816E742087059BD725DF28D890A3BBBE5FF85740F55891CE68A87291E735EC10CB93

Function 005E64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7592c131b9f80f23e4338289492efe9acc8ef0d6b2f64f7589b246fcceef8721
Instruction ID: 0007c57e60f084a3828ff81492a0cacf32ebb3891b437f173f453566efbdf78e
Opcode Fuzzy Hash: 7592c131b9f80f23e4338289492efe9acc8ef0d6b2f64f7589b246fcceef8721
Instruction Fuzzy Hash: 9F71F533B29AD04BC3189D3D4C463A5AE536BF63B4B3D8779A8F4CB3E5D52948069350

Function 005D28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 917c040d3849b350fcd93bcc78c95d6f8a93901abc4ce75960dee56f618f4add
Instruction ID: 809de39c06ab38235fbffd181ac6830e7f6f1b97466775a153efc55cddffbb7d
Opcode Fuzzy Hash: 917c040d3849b350fcd93bcc78c95d6f8a93901abc4ce75960dee56f618f4add
Instruction Fuzzy Hash: BA6177B44183809BD320AF18D851A2BBBF1FFA6751F08491EF4C59B361E33AD910CB66

Function 005D7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 741c5757815375d5fcfb02793983983a426799bae2fe7b5d1ba20c2a75a186fa
Instruction ID: 30d5975b6e390c9261309e40c5e4ffbe124813d4562a6d67074e43756d1f7e82
Opcode Fuzzy Hash: 741c5757815375d5fcfb02793983983a426799bae2fe7b5d1ba20c2a75a186fa
Instruction Fuzzy Hash: 7A51AFB16182089BDB20AB28CC96B773BA5FF89354F14495AF9858B391F375EC01C762

Function 0073175C Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44a3b5337080161e690740610a180e97f1721580e3241a7f4a65776edd63029f
Instruction ID: 14684dc112a516b48cdfa13ff4c0d7b0454d91ea64e43b09b922c6b575688fb3
Opcode Fuzzy Hash: 44a3b5337080161e690740610a180e97f1721580e3241a7f4a65776edd63029f
Instruction Fuzzy Hash: BB6168F3E082106FE3149E69DC4576BB7D5EB94720F1B863DEA88D3780E5798C0186D6

Function 005E1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 6f6d8e83b380db96b2227ef75afcc2327c41d93329193f80fe4e0579ffde2c17
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 5A61EE3160D7919BD718CE2AC58072EBFE3BBC9750F68C92DE4D98B252D270DC819789

Function 005E82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da3605896f789645802492bf7c1dac8deeda50163e1c309c467bb7781b29352
Instruction ID: a35d2cb07eaffd0993a0a89ea985923cc62074a73bb0694ebac503faf6fec7c6
Opcode Fuzzy Hash: 7da3605896f789645802492bf7c1dac8deeda50163e1c309c467bb7781b29352
Instruction Fuzzy Hash: F0613633A1AAD14BC31C453E5C453B66E836BE6734F3ECB6A98F98B3E4CD6948059341

Function 00737F7D Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a7f6e5adc0f14f01b802e32cdc08721f220a9ae73f62d7a3999af01a2dbaf8
Instruction ID: 4a29b4183ce5b43852645a74b501bad7a8adeaed0d94fd222363c9847d249f37
Opcode Fuzzy Hash: 53a7f6e5adc0f14f01b802e32cdc08721f220a9ae73f62d7a3999af01a2dbaf8
Instruction Fuzzy Hash: D96136B3A083148BE3147E2DDC897ABFBE6EBD4320F1B453DDAC593744E93559018686

Function 005C42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa0ed09317a1a437c733b97fd83e6e4dcb421b9da5c3f7330afb2b1707fbb9a0
Instruction ID: 62a1b316dd69770adc5654e127ac6cf9fede7910777c1b7fb9c76be0af63b42c
Opcode Fuzzy Hash: aa0ed09317a1a437c733b97fd83e6e4dcb421b9da5c3f7330afb2b1707fbb9a0
Instruction Fuzzy Hash: D481D4B4810B00AFD360EF39D947797BEF4BB06201F404A2DE4EA96695E7306419CBE3

Function 006C4EF1 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3041b29a01439e21a2df4c69d1c8e898a02f5de7dd1c7569d7c549de933f459
Instruction ID: 07aefcb1ccdc095b90b7ec7b8dc1fbcaf54c114337917f401e3d6ada4d2ce994
Opcode Fuzzy Hash: c3041b29a01439e21a2df4c69d1c8e898a02f5de7dd1c7569d7c549de933f459
Instruction Fuzzy Hash: 455125F3E186105FF304696DECC57AABAC6EBD4320F1A853DE7C8D3784E97988054686

Function 005EE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: a2298da70e5d4a1575d3f51429defe2c076d05ca8bbf6b714c41bf4b2057d265
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: EE517DB16087548FE314DF69D49535BBBE1BBC5318F044E2DE4E983351E379DA088B82

Function 00684FA4 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d36989560281cd745d145236c44cd2543b216a0399d87e32506ea9082cbdcaa9
Instruction ID: 0a4cc557ad273b026c004e54b22b664c65d85d4a926f983ae37cc2840956ef80
Opcode Fuzzy Hash: d36989560281cd745d145236c44cd2543b216a0399d87e32506ea9082cbdcaa9
Instruction Fuzzy Hash: E651E1F39083088FE704BE3DDC5937AB7E5DB84320F16463EDA9587784F9395A158286

Function 005F7520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b31c1e69c4501bd91e14e30b10635f80906ddc2153ebf532b049bbcf851afb9
Instruction ID: e38528114bb6e6d53acb0ddcc5c4ee8c7d82258a592d630cd9d5d89a286d5b5d
Opcode Fuzzy Hash: 3b31c1e69c4501bd91e14e30b10635f80906ddc2153ebf532b049bbcf851afb9
Instruction Fuzzy Hash: EA51E63160D2089BC7159E18DC90B3FBFE6FB89754F288A2CE6D597391D735AC108B51

Function 005B5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 664bcc8f6a66711aeb5f1639b2595e5f8255d114fbcd109c5ac4af92467681da
Instruction ID: 7ecdf9b177e7ad9553e75c34ce1fdd3ab8b12e1b41a2aa32fa1d7149132ececc
Opcode Fuzzy Hash: 664bcc8f6a66711aeb5f1639b2595e5f8255d114fbcd109c5ac4af92467681da
Instruction Fuzzy Hash: D351E6719047059FC718DF14C890A6ABFA1FF85324F59466CF89A9B352E631FC41CB91

Function 0083F828 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ee01e1a8e615726fbb8a0f6a17a570ab2296d2c045488467de8f7c005c077cc
Instruction ID: 02f081d651fd4c2c3fcb9dbe4798ce0544c9b70273888c0f039317c1f500826b
Opcode Fuzzy Hash: 5ee01e1a8e615726fbb8a0f6a17a570ab2296d2c045488467de8f7c005c077cc
Instruction Fuzzy Hash: 0341FFB2D4C215AFE7056E28DC8163ABB94FBC8328F364A3DEAC6D7705D635580196C3

Function 00731FEB Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc41e62db5885c0465f2bfb4d57a73af68881398376fad05ac8274fb5a03cf3
Instruction ID: 09e45966bf8bb4d5bfc72a1a24d8776be8e9d57658dceed7da623958ce98e0b9
Opcode Fuzzy Hash: 0fc41e62db5885c0465f2bfb4d57a73af68881398376fad05ac8274fb5a03cf3
Instruction Fuzzy Hash: F741BFF3A086049FE3446E19DC4536AF7E6EFD4720F2A883DD6C887784EA7858458B47

Function 005DEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b900260b7d2aa8cb4493d52db6ea21dba9429cf3fa78ecefe7050c1de66dae
Instruction ID: 7990be3cd4c1bdd0957fd9017658b26e47d0823969018a80f4b2c3ab61da3d83
Opcode Fuzzy Hash: 10b900260b7d2aa8cb4493d52db6ea21dba9429cf3fa78ecefe7050c1de66dae
Instruction Fuzzy Hash: 4A41A174900316DBDF209F58DC91BADBBB1FF0A340F14454AE945AF3A1EB38A951CB91

Function 005F9B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35c76a27ea46c1f622589923b616d545c7abe036e40e9b96ad94cb9a4a86a3d
Instruction ID: 51fab4bb7cd5402609c7836c9cdfb9bd21cfe9bead30efec7ecaa4ee8bbc2614
Opcode Fuzzy Hash: f35c76a27ea46c1f622589923b616d545c7abe036e40e9b96ad94cb9a4a86a3d
Instruction Fuzzy Hash: C941AF34648748ABD710DF14D990B3BBBE6FB85710F24882CF68A97251D339EC00CBA2

Function 005C2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f94eb3815984e3b16cb461402c3118376c850cc2842d572bc42dc1ce9aef9a8a
Instruction ID: e8a72b7a43fdf90303161b2e0b13640fc933e8eb56313c49e5f8d9e93352993e
Opcode Fuzzy Hash: f94eb3815984e3b16cb461402c3118376c850cc2842d572bc42dc1ce9aef9a8a
Instruction Fuzzy Hash: 3641F772A083654FD35CCE6A849473ABFE2BFC4300F09866EE4D6873D1DAB58945D781

Function 005C1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdabcd857e1bb540bd3311cd4578e3eb640cb7c136bba2c1f6a0104c363e9c6b
Instruction ID: 207881ffc45aa382e9ded5315874c29408af197b066a3c8a9c5d3252050eda42
Opcode Fuzzy Hash: cdabcd857e1bb540bd3311cd4578e3eb640cb7c136bba2c1f6a0104c363e9c6b
Instruction Fuzzy Hash: C141EF74508380AFD320AB95C888B2EFBF5FB86745F14491CF6C497292C376D814CB6A

Function 005F8D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc09372c9133c32bf318b9fb68380a39664431045020b140974194945920cd47
Instruction ID: aab42859f8383fc3ff748276414879393a93d61aab37e5eef2f414aff2078111
Opcode Fuzzy Hash: dc09372c9133c32bf318b9fb68380a39664431045020b140974194945920cd47
Instruction Fuzzy Hash: D041A0316082558FC714DF68C49053EFFE6AF99300F198A2DD5D9DB292DB79DD018B82

Function 005CD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89b2494c5319cbddc8fafb3a7a8a09be14699160d0793ba02cb5c97ad8bda7ee
Instruction ID: 71307ce231ab5ed8fb3897d8315bc22c5ebd80285b0989a2efb50cd6447fc9bd
Opcode Fuzzy Hash: 89b2494c5319cbddc8fafb3a7a8a09be14699160d0793ba02cb5c97ad8bda7ee
Instruction Fuzzy Hash: 344179B55483818BE3309F14C885BABBBB1FF96360F04096DE48A8B691E7B54940CB67

Function 005EF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 3ec1f58650e2b7915e4a042c7ccfacc0eca3a87098df93b5905ebc96eed1ef37
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 1C2137329082644BC3289B1AC48453BFBE4FBD9704F06863ED9C4A7296E7359C10C7E1

Function 005F67EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7615808f658eb9d6fa5f32cbddf6b507278b3428fd5cfae8bf02e746918e9d80
Instruction ID: 22c6df813b8011d467607808c4f2a23c98942b1dbfa56fe3826aadefefc5659a
Opcode Fuzzy Hash: 7615808f658eb9d6fa5f32cbddf6b507278b3428fd5cfae8bf02e746918e9d80
Instruction Fuzzy Hash: CD3102705183829AD714CF14C49062BBFF1FF96785F54680DF4C8AB262D338D985CB9A

Function 005D5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 569c07c9ceb23d8768dfe975a7b7cdd0cd414dec386ea2c72d28e81f4a237b29
Instruction ID: 7863abfd68a020443d01e76a0cc543678af09a63b63101619e8ce8f3679aac20
Opcode Fuzzy Hash: 569c07c9ceb23d8768dfe975a7b7cdd0cd414dec386ea2c72d28e81f4a237b29
Instruction Fuzzy Hash: 78219FB05096029BD320AF18C84596BBBF8FF92765F44891AF4D59B392F334D900CBA3

Function 005B49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 10f3fc7428590b248107b8b053ed85d3cce9ae3e3efbd32bf042223f00b8adc6
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 7531B8316482019BD7249E58D8819BBBBE2FFC4359F18892DE89AD7342D231FC52CF46

Function 005F64B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6942226a51e350be40e69181b51566cff85ac2ec867ed74911f7f59118f6f0e
Instruction ID: 6df3532ab0c7b10e55934e3d18052b93dd9d58149d01cc2a5940d6e14af433a7
Opcode Fuzzy Hash: f6942226a51e350be40e69181b51566cff85ac2ec867ed74911f7f59118f6f0e
Instruction Fuzzy Hash: AE21667460C2059BCB04EF19D594A2FFBE6FB95741F28981CE5C593361C339AC50DB62

Function 005F5700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b5fbe85bbd26380fa74b8d4ce4a370d2439dcf87c438bb9bdc7371c4080496
Instruction ID: 051f6d45ce014fe5bf209a04ea89ae38e4294f69fee88f35642e87e050a07b86
Opcode Fuzzy Hash: 29b5fbe85bbd26380fa74b8d4ce4a370d2439dcf87c438bb9bdc7371c4080496
Instruction Fuzzy Hash: 7911917551D640EBD301AF28E844A2BBFF5EF86711F058828E6C49B311D339D810CB92

Function 005EB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: ab45f473f49816396b47a9198f8c320fd65737a8737100dba5b6f5894fd256e7
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: E3110C33A051E50ED71A8D3D8440566BFE32AE3236F6D4399F4F49B2D2D7238D8A8354

Function 005E0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 38a7a00659c4cb02ce0824ba2054d2aedcbd74e327baf944bd93f41d65ba04ea
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 3C01B5F1A0034247E7249E5294D4B3FBAACBF80718F18552CE48657381DBB1EC45C6A5

Function 005DD1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2603e7cf8ef2711e182d1597d980e6d9342cbd6f56afd17c93f38d54b93f9a62
Instruction ID: 7578600fa909e8066de1ebfa050f47ff24bc558faba63e9eded5518437e6e79f
Opcode Fuzzy Hash: 2603e7cf8ef2711e182d1597d980e6d9342cbd6f56afd17c93f38d54b93f9a62
Instruction Fuzzy Hash: B911DDB0418380AFD3209F658488A2FFBE5AB96714F148C0DF6A45B251C379E815CF56

Function 005B6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2acf1c6078d23c9adb89c7b14ebe1e0c5a3c13ab37e5dbd0c9616d3cf1335d6
Instruction ID: eeb7a8b33a09d9633927e08787993d3d50398f8a48745c49730336d6780e49af
Opcode Fuzzy Hash: e2acf1c6078d23c9adb89c7b14ebe1e0c5a3c13ab37e5dbd0c9616d3cf1335d6
Instruction Fuzzy Hash: EAF0523E71820A0BB210CEAAE88487BF7E6E7D9364B091538EE40C3205CD76F80692D4

Function 005EB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 005CC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 005CB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: b09195aa192a34a97a69c5278d581dce03833753eaa8c099ce0b7de44af05736
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 96F0ECB16085105FEF26CAD49CC5F37BF9DDB87354F19142EE84557103D2A15849C3E5

Function 005E8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6880051fdf3c16ad1dfff85f42395bff753f14313ff96ec7966d64b1863e2af
Instruction ID: 3e48485822c6d65442a6fed1a04cdba733869fdc5130449563bb3cc3582a3889
Opcode Fuzzy Hash: a6880051fdf3c16ad1dfff85f42395bff753f14313ff96ec7966d64b1863e2af
Instruction Fuzzy Hash: 2801D2B04107009FC360EF29C545756BBE8EB08714F004A1DE8AECB680D774A5488B82

Function 005F1440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 5ff54cc558d39e9b7978fc00e64a029b15ebf628a40a129a60cfcf98908b5e2e
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: BDD0A731608721869F748E19A404977FBF0FAC7B11F49955EF686E3148D234DC41C2AD

Function 005C1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0abe25138661aa8474a0c070ff37e7cc79582147116272262f0a7b6963a84eaf
Instruction ID: a597e603084a99bc0b61e9b8bdac9857e8175f330b3e0524a35d260de03df01f
Opcode Fuzzy Hash: 0abe25138661aa8474a0c070ff37e7cc79582147116272262f0a7b6963a84eaf
Instruction Fuzzy Hash: 41C012345540008BC604CF40AC9953266B8A7172087007029DA02E3621DA24C406E609

Function 005F6094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 864f071aa07ba72a60adbca3b979304da54b428e629530f9deb3a6bc189b2966
Instruction ID: 07de478426ccade624dbf7443a1af3ab66a050a0e8d07e3b2f4e2e7a5b2bf071
Opcode Fuzzy Hash: 864f071aa07ba72a60adbca3b979304da54b428e629530f9deb3a6bc189b2966
Instruction Fuzzy Hash: 9EC09B346AD01487D30CCF05D951576F77F9BA771D724B05DC90623355D234D512951C

Function 005C1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af506fe2411f3091679f27f6aec7ee2535e1fc6d51d0790b1688f4629a7b1ba
Instruction ID: f83a03cefd235eb7236075a1d18752af656488e44b031c3fc9f70d474da9a746
Opcode Fuzzy Hash: 8af506fe2411f3091679f27f6aec7ee2535e1fc6d51d0790b1688f4629a7b1ba
Instruction Fuzzy Hash: D8C04C24A990408AC644CE85A8D5531A6A85717208710343A9A02E7662D564D409E60D

Function 005F5FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094055595.00000000005B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005B0000, based on PE: true

Associated: 00000000.00000002.2094042471.00000000005B0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000610000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000785000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.0000000000894000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.000000000089F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094089963.00000000008AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094331243.00000000008AE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094441890.0000000000A44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2094455168.0000000000A45000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb6a830e1151cc21c4053aace9c54a1523acf56c0b7b42cf3b611de46a7deea9
Instruction ID: 02ad32dac41fb75e64bd80669f463b45967326b8881407a0b9bbbacb8ee59c48
Opcode Fuzzy Hash: cb6a830e1151cc21c4053aace9c54a1523acf56c0b7b42cf3b611de46a7deea9
Instruction Fuzzy Hash: 0FC09224BA90108BE34CCF19DD51A36F6BF9BABA1EB14B02DC806A3356D234D512860C

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 005BFCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 005BD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 005F5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 005F695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 005C049B Relevance: .3, Instructions: 264
COMMON

Function 005C0228 Relevance: .2, Instructions: 218
COMMON

Function 005F99D0 Relevance: .1, Instructions: 143
COMMON

Function 005F3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 005F3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON